Log entire system activity

Wed Dec 14 11:58:05 UTC 2005

Jeremiah Foster wrote:
> On Tue, 2005-12-13 at 13:19 +0000, Sarangan Thuraisingham / 
>  wrote:
> 
>>Is there any way to log the activity that is taking place in the system 
>>as a whole? I am talking about something other than kernel logs.
> 
> 
> Not really sure what you mean by not kernel logs. If you mean not logged
> by the kernel well there is very little that isn't logged by the kernel
> since you have to ask the kernel for a new process, etc. If you mean a
> log that is logging something other than user-space activity than yes
> there are logs to do what you want.
> 
>>I guess I am a bit paranoid, but sometimes I want to know everything 
>>that is happening in my system. For example, I want logs for ssh 
>>activity, NFS or samba share activity, what process are using the 
>>network, etc
> 
> 
> For sshd (i.e. server) messages, look in /var/log/auth.log There you
> will also find sudo activity, and PAM activity along with nearly
> anything else requiring a password on the system.
> 
> If you want a real-time display of processes try ps auxww or use the
> program "top." top is continually updated in your terminal so you can
> monitor every process in real time, as it happens. It also shows you
> memory usage and process owner, etc.
> 
> 
>>Is there anything like that at all?
> 
> 
> There are many other facilities for monitoring the system, I have just
> scratched the surface here. Look in /var/log and do man top and man ps.
> 
> Best regards,
> 
> Jeremiah
> 
> 
Thank you all, but what about network activity. For files list I can use 
'lsof', but is there anything like that for network connections and 
bandwidth usage per process?

-- 
Regards,
  - Saru
--------------------------------------------
Sarangan Thuraisingham
ECS, University of Southampton, UK

Homepage: http://sarangan.thuraisingham.net

    Tux is the Best
   Next is the Rest
--------------------------------------------