SUMMARY: monitoring usage of a file

From: Hee_Meng_HO@lta.gov.sg
Date: Fri Nov 17 2000 - 01:53:23 CST


Hi,

Sorry for the late submission...

Original Question:

1) I would like to monitor a file and keep track of WHO executes it and WHEN
it is being executed. Can I do it in Solaris without any 3rd party tools?
If not, what 3rd party tools should I use? How do I do so?

2) In addition, is it possible for me to send an alert to a remote server
that the file is being used (with the identity of the user and the time)?
Do I set this up in the syslog.conf file? If yes, what are the source and
facility levels I should specify?

Answer:
1) Yes, most suggested the use of a wrapper script over the file that I
wish to monitor. Best answer came from Jay Lessert (see below). Others
suggested the audit facility, sudo and LSOF (to check if the file is
opened).
2) Yes, I set this up in the syslog.conf file. Again, the best answer comes
from Jay Lessert (keep it up, Jay!)

Lastly, thanks to: Jay Lessert, David Foster, Andrew Brenann, Erin Jones,
David Evans, Peter Gutmann, Keith McCabe, Gary Jenson, Jeff Lightner, Marco
Shaw, Doug Winter, JCJ6.

Thanks gurus!!!

-------------------------
From Jay Lessert:
1) Only by using a wrapper script. Suppose you want to monitor something
like /usr/bin/renice:

    # mv /usr/bin/renice /usr/bin/renice.exe
    # cat > /usr/bin/renice <<'EOF'
    #!/bin/sh
    # put monitoring stuff here
    #
    # quote "$@" so arguments containing spaces reach the real binary intact
    exec "$0.exe" "$@"
    EOF
    # chmod 755 /usr/bin/renice

The "monitoring stuff" can be anything you want. You can send e-mail if
you like!

2) You can do something like:

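    # cat > /usr/bin/renice <<'EOF'
    #!/bin/sh
    # monitoring stuff: send the wrapper's path to syslog at user.info
    logger -p user.info "$0"
    #
    # quote "$@" so arguments containing spaces reach the real binary intact
    exec "$0.exe" "$@"
    EOF
    # chmod 755 /usr/bin/renice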

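Your client syslog.conf looks like:

# selector and action must be separated by a tab, not spaces
user.info	@serverhost

and the server's syslog.conf looks like:

# selector and action must be separated by a tab, not spaces
user.info	/var/log/file_access.log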
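
A fuller version of the wrapper above, as an added example that is not part of the original post: it records the invoking user as well as the path, and replaces control characters so that an argument cannot forge extra log lines. It assumes a POSIX shell and POSIX `id`, the `.exe` rename used in the post, and a hypothetical `file_access` syslog tag.

```shell
#!/bin/sh
# Added example (not from the original post). Needs a POSIX shell and id;
# on Solaris of that era use /usr/xpg4/bin/sh and put /usr/xpg4/bin first in PATH.

# Build one audit record: WHO ran WHAT with which arguments.
# WHEN is supplied by syslogd, which timestamps every message it receives.
audit_msg() {
    prog=$1; shift
    # Login name survives su; fall back when there is no controlling session.
    login=$(logname 2>/dev/null) || login=unknown
    term=$(tty 2>/dev/null) || term=notty
    # Control characters (newlines included) become '?', so a crafted
    # argument cannot split the record into a second, forged log line.
    printf 'exec=%s user=%s uid=%s login=%s tty=%s args=%s' \
        "$prog" "$(id -un 2>/dev/null || id -u)" "$(id -u)" \
        "$login" "$term" "$*" | LC_ALL=C tr -c '[:print:]' '?'
}

# Log, then replace this shell with the real binary (renamed to <name>.exe).
run_wrapped() {
    # "file_access" is a hypothetical tag. Logging failure does not block the
    # tool here (fail-open); replace "|| :" with "|| exit 1" to fail closed.
    logger -p user.info -t file_access "$(audit_msg "$0" "$@")" || :
    exec "$0.exe" "$@"
}

# Dispatch only when installed beside the renamed binary.
if [ -x "$0.exe" ]; then
    run_wrapped "$@"
fi
```

The wrapper only records invocations that pass through it; running the renamed binary directly leaves no record, which is the gap the audit facility mentioned in the summary covers.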




This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:23 CDT