user activity using rsyslog

Latest response

How can we log all the user activity using rsyslog.

 

in syslog we used to use auth.* for logging all the commands typed by the users who logged into ssh, is there a similar configuration in rsyslog or rhel6?

Responses

Hi Praveen, welcome to the Groups!

 

Advice on configuring rsyslog is available in the RHEL 6 deployment guide. Let me know if you find your answer here: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Viewing_and_Managing_Log_Files.html

 

>> in syslog we used to use auth.* for logging all the commands typed by the users who logged into ssh, is there a similar configuration in rsyslog or rhel6?

auth.* used with syslog does log all the commands typed by users, auth is a syslog facility which means log security/authorization messages (private).

Configuring auth.* in rsyslog will also log same authentication related logs in /var/log/secure.

 

If you want to audit all commands run by a user, Refer https://access.redhat.com/knowledge/solutions/49257