Re: I can't create true log file.
On Wednesday 15 March 2006 04:29, Evren Kalayciklioglu wrote:
What i want to do that: when a user changes a file or
its contains the system make a log file containing
when it be done, who did it, which user did it.
Depending on the kernel you are using, audit can do this for you. What you are
trying to do is called adding a watch. The RHEL4 kernel can do this. We are
currently working to get a patch upstream that will allow all kernels to do
this.
Because i want user name but it give user id,
They are one in the same. ausearch -i will interpret the numbers to names.
i want file name but it give a number.
Huh? The filename would be in a WATCH record or PATH record. It is sometimes
encoded when a character is in the filename that is also used as a delimiter,
but once again, ausearch will do the conversion.
I also want to add printing jobs in this log file the same
conditions.
This would be difficult in the current utilities. One would need to patch cups
for this...which is being done for our LSPP work. But it won't be available
for a little while longer.
On the other hand; i think i can't be successful for
configuration and rules
files.
The capp.rules file has examples. Look for the "-w" lines, but once again,
only the RHEL4 U2 and higher kernels can do this.
-Steve