2

As you know better than me any action in linux store in log files, like /var/log, I was wondering is there anyway to customize the log file in linux, for example in this case I'm the root of my system, and I don't want to log root's actions, but the others are important because I want to monitor them.

in this case just wtmp is important to me !

Freeman
  • 277
  • what actions do you have to log ? – Sergiy Kolodyazhnyy Jun 23 '15 at 13:06
  • I just want to know is it possible to customize log or not , I want to check just user1 and don't want log user2, is it possible ? – Freeman Jun 23 '15 at 14:23
  • Well, as I understand it's not possible. wtmp logs all the users. If you just want to view one particular user's action , you can use last username or last | grep 'user1\|user2\|user3\|' for multiple users. Let me know if that's an acceptable answer for you, and I'll post it. – Sergiy Kolodyazhnyy Jun 23 '15 at 15:03
  • Thanks Serg,but I want to store as I want not filter it , thanks anyway – Freeman Jun 23 '15 at 15:15
  • What type of actions and which log. There are many logs. It is easy to not save some commands in root's history for example, would that do? – terdon Jun 23 '15 at 16:39
  • @terdon,as I told just wtmp for example ! – Freeman Jun 23 '15 at 17:36
  • @Sam sorry but I have no idea what wtmp is. I guess it is a program. Do you want to have that one logged or not ave it logged? And in what log file? – terdon Jun 23 '15 at 17:40
  • @terdon,utmp and wtmp will give you complete picture of users logins at which terminals, logouts, system events and current status of the system, system boot time (used by uptime) etc. in this case I want to just store users not root, that's it ! – Freeman Jun 23 '15 at 17:45
  • Ah! OK, so you're not talking about logs but about the output of wtmp. Is that correct? – terdon Jun 23 '15 at 17:46
  • yes exactly! the problem is I want to decide what things save into the log and what thing not, in this case just ignoring root actions is enough ! – Freeman Jun 23 '15 at 17:48

1 Answers1

1

There is no easy way of selectively not storing certain actions in the log files when running as root...

It's easy to add more to any log, but without digging into the source code of all the applications/scripts that store the information there, you're out of luck not storing what root does...

(Meaning: it's not impossible, but just an enormous amount of work)

If you're talking about the command history, that's easy: just start every command you don't want remembered by a space…

A.B.
  • 90,397
Fabby
  • 34,259
  • thanks for your reply , as you know better than me utmp and wtmp will give you complete picture of users logins at which terminals, logouts, system events and current status of the system, system boot time (used by uptime) etc. in this case I want to just store users not root, that's it ! – Freeman Jun 23 '15 at 17:34
  • Well, that's the point: you have to dig into the source code and change it... Use the source, Luke! ;-) And please, don't thank me! ;-) If you like my answer, just click the little grey under the "0" now turning it into beautiful green. If you do not like my answer, click on the little grey down-arrow below the 0, and if you really like my answer, click on the little grey checkmark and the little up-arrow... If you have any further questions, go to http://askubuntu.com/questions/ask – Fabby Jun 23 '15 at 17:40
  • Thanks for your answer, I know we can change the source because the linux is OpenSource, and I also know how I can checkmark your answer but it's not really my answer , so sorry about that bro ! – Freeman Jun 23 '15 at 17:52