Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unix SAR?

Posted by Cliff on from the following-the-process-audit-trail dept.

An Anonymous Coward asks: "This may appear to be a simple question at a first glance but I have been trying to find a solution for it for quite a while. I have been playing with different System Accounting utilities (i.e. SAR etc) and they all provide a wide range of useful information but I did not find any one that would be able to tell me the full path and the name of every process that a user runs in a Solaris machine. A loop with ps does not help because you may miss the processes that ran between each call to ps. Any one know how to extract this info? Is there a good System Accounting solution that does the trick? What is the best System Accounting solution available today?"

2 of 18 comments (clear)

  1. Turn on auditing by devphil · · Score: 5, Funny


    Fire up yer browser, point it at the local AnswerBook2 server (or http://docs.sun.com/), and find the System Administrator Collection. Flip down to "SunSHIELD Basic Security Monitor Guide." Read about how to enable auditing.

    Then tell it to record full paths, flip the switch, and watch your hard drives fill up in seconds due to the massive amount of auditing information being logged.

    --
    You cannot apply a technological solution to a sociological problem. (Edwards' Law)
  2. Process accounting by booch · · Score: 5, Informative

    $ man accton
    $ man acctprc
    $ man acctcms
    $ man -s 4 acct

    --
    Software sucks. Open Source sucks less.