Snoopy Logger: a very useful tool for Linux server admins that keeps a log of the commands executed via the shell/back end. The snoopy utility logs all commands and the user details to ‘/var/log/secure’. If you want details of past commands and the users who ran them, simply refer to the file /var/log/secure. More details and examples are explained below.
How to install Snoopy Logger on a Unix/Linux server?
Follow the steps below to install Snoopy on your Linux server.
Step 1: Log in to your server via SSH as the root user.
Step 2: Execute the following commands one by one.
# cd /usr/src
# wget ftp://ftp.uwsg.indiana.edu/pub/FreeBSD/ports/distfiles/snoopy-1.8.0.tar.gz
# tar xvf snoopy-1.8.0.tar.gz
# cd snoopy-1.8.0
# ./configure
# make
# make install
The make install output displays an instruction on how to enable Snoopy so that logging actually starts. See the details:
[root@server snoopy-1.8.0]# make install
install -m 755 -d /usr/local/lib
install -m 755 snoopy.so /usr/local/lib/snoopy.so
Snoopy shared library installed in /usr/local/lib.
Run 'make enable' to actually enable snoopy logging.
Run the “make enable” command to enable it. This adds the library to /etc/ld.so.preload.
# make enable
Example:
[root@server ]# tail -5 /var/log/secure
Dec 30 08:37:11 jishnu snoopy[18337]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/uname]: uname -r
Dec 30 08:37:11 jishnu snoopy[18339]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/df]: df -k /
Dec 30 08:37:11 jishnu snoopy[18341]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/rpm]: rpm -q -a --queryformat %{NAME}\n%{VERSION}-%{RELEASE}\n%{EPOCH}\n%{GROUP}\n%{SUMMARY}\n\n
Dec 30 08:37:12 jishnu snoopy[18343]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/usr/bin/vmstat]: vmstat 1 2
Dec 30 08:37:13 jishnu snoopy[18345]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/sbin/ifconfig]: ifconfig -a
You can read the command from the last part of each line (e.g. uname -r, df -k, ifconfig -a) and the user from the uid field (here uid:0 means the root user). All user information is listed in the ‘/etc/passwd’ file; you can grep it from there or use the “getent” command with the corresponding UID value.
Example: in the ‘/var/log/secure’ output above, the UID of the user is ‘0’.
[root@server ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
With the ‘getent’ command:
[root@server ~]# getent passwd 0
root:x:0:0:root:/root:/bin/bash
How to uninstall/remove Snoopy Logger from a Unix/Linux server?
To uninstall Snoopy from the server, you need to remove the snoopy reference line ‘/usr/local/lib/snoopy.so’ from the ‘/etc/ld.so.preload’ file and then remove the ‘snoopy.so’ library file itself.
Step 1: vi /etc/ld.so.preload >> Remove the reference line
Step 2: rm /usr/local/lib/snoopy.so
If you then try to enable Snoopy again, you will get the following message:
[root@server snoopy-1.8.0]# make enable
./enable.sh /usr/local/lib
ERROR: /usr/local/lib/snoopy.so is not installed or is not executable
make: *** [enable] Error 1
Finished 🙂