kernel event listener

I wonder if there is something similar to an event listener in UNIX that a program can subscribe to? Specifically I want to know:

• Start and end times of a user session
• Start and end of the applications executed by that user

Any Tips?

ubuntu kernel linux-kernel process-management application

edited Jun 2 '14 at 14:49
slm

asked Jun 2 '14 at 13:31
Inkognito

1 Answer

Using psacct

The events that you're looking for can be found through psacct. Specifically I'd take a look at the tool ac which shows accounting information on users. I touch on this in this U&L Q&A titled: Commands for determining level of usage of server.

NOTE: This is not a subscribe-able "service", rather a tracking & reporting infrastructure that you can ask questions.

You can also use lastcomm (part of psacct, it has several tools in the suite) to find out when a given application was used by user X.

Example

    $ lastcomm rm
    rm S root pts/0 0.00 secs Tue Nov 14 00:39
    rm S root pts/0 0.00 secs Tue Nov 14 00:39
    rm S root pts/0 0.00 secs Tue Nov 14 00:38

You'll have to dig a bit into psacct but there are a lot of resources about it on U&L as well as Google which should get you what you want.

Using auditd

The other tool, in the same vein as psacct's tracking & reporting approach, is auditd. With auditd you can query to find out who and for how long program X was run.

Example

    $ sudo ausearch -x /usr/bin/sudo | head -5
    ----
    time->Sat Dec 7 21:15:15 2013
    type=USER_AUTH msg=audit(1386468915.558:419): pid=2189 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="saml" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
    ----
    time->Sat Dec 7 21:15:15 2013

NOTE: The above is finding all the entries where someone ran the tool /usr/bin/sudo.

References

• Chapter 34. Introducing an Audit Rule Set
• 7.7. Searching the Audit Log Files

edited Nov 28 at 22:51
answered Jun 2 '14 at 14:56
slm
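
Added example (not part of the original answer and not code from the audit tools): a small Python parser for raw audit records like the one in the ausearch output above, which pairs USER_START and USER_END records to recover the start, end and duration of each user session. The pairing key (ses, pid) is an assumption of this example, and every sample line other than the USER_AUTH one quoted in the answer is constructed.

```python
import re

# Sample input: the USER_AUTH line is the one quoted in the answer; the
# USER_START/USER_END lines and the separator line are constructed for this example.
SAMPLE = """\
type=USER_START msg=audit(1386468900.100:410): pid=2100 uid=0 auid=1000 ses=1 msg='op=PAM:session_open acct="saml" exe="/usr/sbin/sshd" hostname=? addr=? terminal=ssh res=success'
type=USER_AUTH msg=audit(1386468915.558:419): pid=2189 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="saml" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
type=USER_END msg=audit(1386472500.100:502): pid=2100 uid=0 auid=1000 ses=1 msg='op=PAM:session_close acct="saml" exe="/usr/sbin/sshd" hostname=? addr=? terminal=ssh res=success'
type=USER_START msg=audit(1386472600.250:510): pid=2300 uid=0 auid=1001 ses=2 msg='op=PAM:session_open acct="alice" exe="/usr/sbin/sshd" hostname=? addr=? terminal=ssh res=success'
----
"""

RECORD = re.compile(r"^type=(\S+) msg=audit\((\d+)\.(\d{3}):(\d+)\): (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Parse one raw audit line into a dict; return None for anything else."""
    m = RECORD.match(line.strip())
    if not m:
        return None  # e.g. the "----" and "time->" separators ausearch prints
    rtype, sec, msec, serial, body = m.groups()
    # User-space records nest fields inside msg='...'; unwrap so acct, exe and
    # res are parsed the same way as the outer pid/uid/auid/ses fields.
    body = re.sub(r"msg='(.*)'\s*$", r"\1", body)
    rec = {k: v.strip('"') for k, v in FIELD.findall(body)}
    rec.update(type=rtype, serial=int(serial), epoch_ms=int(sec) * 1000 + int(msec))
    return rec


def sessions(lines):
    """Pair USER_START with USER_END; sessions without an end stay open."""
    started, result = {}, []
    for rec in filter(None, map(parse_record, lines)):
        # Assumption: the process that opened the PAM session also closes it,
        # so (ses, pid) separates a login from e.g. a sudo inside that login.
        key = (rec.get("ses"), rec.get("pid"))
        if rec["type"] == "USER_START" and rec.get("res") == "success":
            started[key] = rec
        elif rec["type"] == "USER_END" and key in started:
            s = started.pop(key)
            result.append({"acct": s.get("acct"), "ses": s.get("ses"), "exe": s.get("exe"),
                           "start_ms": s["epoch_ms"], "end_ms": rec["epoch_ms"],
                           "seconds": (rec["epoch_ms"] - s["epoch_ms"]) / 1000})
    for s in started.values():  # no USER_END in this log: session still open
        result.append({"acct": s.get("acct"), "ses": s.get("ses"), "exe": s.get("exe"),
                       "start_ms": s["epoch_ms"], "end_ms": None, "seconds": None})
    return result


if __name__ == "__main__":
    for row in sessions(SAMPLE.splitlines()):
        print(row)
```

Like the tools in the answer, this reports on records already written to the log; it does not subscribe to live events.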
