How to install/uninstall snoopy logger on Unix/Linux server

Snoopy logger: a very useful tool for Linux server admins that keeps a log of the commands executed on the server via the shell or back end. The snoopy utility logs every command, together with the user details, to ‘/var/log/secure’. If you need details of past commands and the users who ran them, simply refer to the file /var/log/secure. More details and examples are explained below.

How to install snoopy logger on Unix/Linux server?

Follow the steps below to install Snoopy on your Linux server.
Step 1: Log in to your server via SSH as the root user.
Step 2: Execute the following commands one by one.

# cd /usr/src
# wget ftp://ftp.uwsg.indiana.edu/pub/FreeBSD/ports/distfiles/snoopy-1.8.0.tar.gz
# tar xvf snoopy-1.8.0.tar.gz
# cd snoopy-1.8.0
# ./configure
# make
# make install

The “make install” output displays an instruction on how to enable Snoopy so that logging actually starts. See the details:

[[email protected] snoopy-1.8.0]# make install
install -m 755 -d /usr/local/lib
install -m 755 snoopy.so /usr/local/lib/snoopy.so

Snoopy shared library installed in /usr/local/lib.
Run 'make enable' to actually enable snoopy logging.

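Run the “make enable” command to enable it. This adds a reference to /usr/local/lib/snoopy.so to the /etc/ld.so.preload file, which is the reference removed again in the uninstall steps further down.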

# make enable

Example:

[[email protected] ]# tail -5  /var/log/secure
Dec 30 08:37:11 jishnu snoopy[18337]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/uname]: uname -r
Dec 30 08:37:11 jishnu snoopy[18339]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/df]: df -k /
Dec 30 08:37:11 jishnu snoopy[18341]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/rpm]: rpm -q -a --queryformat %{NAME}\n%{VERSION}-%{RELEASE}\n%{EPOCH}\n%{GROUP}\n%{SUMMARY}\n\n
Dec 30 08:37:12 jishnu snoopy[18343]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/usr/bin/vmstat]: vmstat 1 2
Dec 30 08:37:13 jishnu snoopy[18345]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/sbin/ifconfig]: ifconfig -a

You can read the command from the last part of each line (e.g. uname -r, df -k, ifconfig -a) and the user from the UID field (here uid:0 means the root user). All user information is listed in the ‘/etc/passwd’ file; you can grep it out from there, or use the “getent” command with the corresponding UID value.
Example: in the above ‘/var/log/secure‘ output, the UID of the user is ‘0’.

[[email protected] ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash

With the ‘getent‘ command:

[[email protected] ~]# getent passwd 0
root:x:0:0:root:/root:/bin/bash
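
The same lookup done over a whole log, as an added example (not part of the original post or of Snoopy itself): a small Python parser for the Snoopy line layout shown above that skips the non-Snoopy entries in /var/log/secure and resolves each UID through the same passwd database that getent reads. The last two sample lines, the uid 4242 account and the function names are constructed for illustration; the tty value in the last line assumes Snoopy prints the terminal device path.

```python
import pwd
import re
from collections import defaultdict

# Line layout taken from the /var/log/secure sample in this article.
SNOOPY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssnoopy\[(?P<pid>\d+)\]:\s"
    r"\[uid:(?P<uid>\d+)\ssid:(?P<sid>\d+)\stty:(?P<tty>\S*)\s"
    r"cwd:(?P<cwd>.*?)\sfilename:(?P<filename>.*?)\]:\s(?P<cmd>.*)$"
)

# First two lines come from the article; the last two are constructed samples.
SAMPLE = [
    "Dec 30 08:37:11 jishnu snoopy[18337]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/uname]: uname -r",
    "Dec 30 08:37:13 jishnu snoopy[18345]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/sbin/ifconfig]: ifconfig -a",
    "Dec 30 08:40:02 jishnu sshd[18400]: Accepted password for demo from 192.0.2.10 port 50022 ssh2",
    "Dec 30 08:40:09 jishnu snoopy[18412]: [uid:4242 sid:18401 tty:/dev/pts/0 cwd:/home/demo filename:/usr/bin/crontab]: crontab -l",
]

def parse_line(line):
    """Return a dict of Snoopy fields, or None for non-Snoopy lines (sshd, sudo, ...)."""
    m = SNOOPY_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["uid"] = int(rec["uid"])
    return rec

def resolve_user(uid, lookup=pwd.getpwuid):
    """Map a UID to a login name; keep the raw UID if the account no longer exists."""
    try:
        return lookup(uid).pw_name
    except KeyError:
        return "uid:%d" % uid

def commands_by_user(lines, lookup=pwd.getpwuid):
    """Group executed commands per user: {name: [(timestamp, binary, command line)]}."""
    out = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            user = resolve_user(rec["uid"], lookup)
            out[user].append((rec["ts"], rec["filename"], rec["cmd"]))
    return dict(out)

if __name__ == "__main__":
    for user, cmds in commands_by_user(SAMPLE).items():
        for ts, binary, cmd in cmds:
            print(f"{ts}  {user:<10} {binary:<18} {cmd}")
```

To run it against the real log, pass the lines of /var/log/secure (readable by root) to commands_by_user() instead of SAMPLE.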

How to uninstall/remove snoopy logger from Unix/Linux server?

To uninstall Snoopy from the server, you need to remove the reference to the Snoopy library ‘/usr/local/lib/snoopy.so‘ from the ‘/etc/ld.so.preload‘ file and then remove the ‘snoopy.so’ file itself.

Step 1: vi /etc/ld.so.preload (remove the line that references /usr/local/lib/snoopy.so)
Step 2: rm /usr/local/lib/snoopy.so

After that, you will get the following message if you try to enable Snoopy again:

[[email protected] snoopy-1.8.0]# make enable
./enable.sh /usr/local/lib
ERROR: /usr/local/lib/snoopy.so is not installed or is not executable
make: *** [enable] Error 1

Finished 🙂


Arunlal Ashok

Linux Server Administrator. I'm dealing with Linux servers since 2012. I started this blog to share and discuss my ideas with the world. Check My Profile!! in uPwork (oDesk) and let me know if you need any assistance. Thanks!!
