user activity using rsyslog
How can we log all the user activity using rsyslog.
in syslog we used to use auth.* for logging all the commands typed by the users who logged into ssh, is there a similar configuration in rsyslog or rhel6?
Responses
Hi Praveen, welcome to the Groups!
Advice on configuring rsyslog is available in the RHEL 6 deployment guide. Let me know if you find your answer here: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Viewing_and_Managing_Log_Files.html
>> in syslog we used to use auth.* for logging all the commands typed by the users who logged into ssh, is there a similar configuration in rsyslog or rhel6?
auth.* used with syslog does log all the commands typed by users, auth is a syslog facility which means log security/authorization messages (private).
Configuring auth.* in rsyslog will also log same authentication related logs in /var/log/secure.
If you want to audit all commands run by a user, Refer https://access.redhat.com/knowledge/solutions/49257
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
