Thanks to all who answered. What I did was to change root account to use the bash shell instead of the KSH shell. I am monitoring the shell scripts that execute as root to ensure that no problems occur because of switching from ksh to bash. I understand that this is fairly easy to subvert but until I find a better way maybe BSMCONV / auditing / some type of Dtrace < which were all suggested by the forum > I have something that is working right now. I hope this will help someone else go home earlier then they might have.. Then At the end of /etc/profile I added export PROMPT_COMMAND='history -a >(logger -p local1.debug -t "$USER[$PWD] $SSH_CONNECTION")' Then vi /etc/syslog.conf and added the following at the end of same # Loglogic Redirection authpriv.*;local1.* < MUST BE TABS I always use 2 > @xx.xx.xx.xx <@xx.xx.xx.xx -- obviously this could be anywhere file,some logging device> Then issued kill -HUP <pid of syslogd> Logged out and back in as root issued some commands and then checked the LogLogic console to ensure that the messages were getting to it.. ( and they were ).. -----Original Message----- From: sunmanagers-bounces@sunmanagers.org [mailto:sunmanagers-bounces@sunmanagers.org] On Behalf Of Bahto, Richard Sent: Wednesday, June 27, 2012 3:55 PM To: sunmanagers@sunmanagers.org Subject: RE: Logging all commands executed by user root to LogLogic device Please forgive my incompleteness I am running this on a SunFire T2000 running Solaris 10 SunOS 5.10 Generic_147440-19 sun4v sparc SUNW,Sun-Fire-T200 From: Bahto, Richard Sent: Wednesday, June 27, 2012 3:52 PM To: 'sunmanagers@sunmanagers.org' Subject: Logging all commands executed by user root to LogLogic device I am now being asked to send every command that root executes to a LogLogic device. One of my collages have successfully done this on his Linux servers using the following I have add following entry on /etc/bashrc & /etc/syslog.conf files and restart the syslog deamon. cat /etc/bashrc export PROMPT_COMMAND='history -a >(logger -p local1.debug -t "$USER[$PWD] $SSH_CONNECTION")' cat /etc/syslog.conf # Loglogic Redirection authpriv.*;local1.* @xx.xx.xx.xx I have tried this as is ( adding the export command to /etc/profile since we don't have an /etc/bashrc ) and using auth.debug and local1.debug as the facility.level . I have been unsuccessful in my attempts and would appreciate any suggestions you would offer. Thanks in advance Richard Bahto ... ================================================================= This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. To reply to our email administrator directly, send an email to EmailAdmin@toysrus.com. Toys "R" Us, Inc. _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers ... _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Thu Jun 28 17:34:57 2012
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:19 EST