Petre Daniel said:

> Hello, i tried the vtgrab package and didn't
> succeed much in supervising other consoles.
> Well, i have several computers, linux gateways to
> small lans, and the ppl that sit on them aren't
> specialized for the root job, so i must know
> almost all the time what is happening there.
> I am wondering what tools are to inform me
> remotely somehow when and what they are doing
> when they're logging in as root.

i use logcheck (i think that's the package name). but believe me, get enough emails and you'll start ignoring them. it gets redundant and boring to read status reports. i do a TON of mrtg stuff (i monitor about 45 different things ranging from company stock price, to disk space to load average to mail load, to memory usage to tcp connections). i also use nocol to do network monitoring, and big brother for system monitoring/alerting. nocol and big brother also send me email alerts and i usually ignore them too (i watch the web sites though, and i do receive nocol alerts on my cellphone)

> Btw, how can i mail each 5 or so minutes the
> .bash_history of root and send it to my central
> mail.?

cronjob ..doubtful it will be useful though there are better ways ..

> i am thinking in installing snort everywhere, but
> then how do i grep through the logs and send the
> attacks to me..?

demarc. i highly recommend it. http://demarc.org it is free for non commercial use or if your company has less than 25 employees or you're an isp with less than 1000(?) customers. my company is not so we bought it. it's great. you can also configure it to monitor files (much like tripwire tho not as advanced), so you could have it monitor /root/* for changes. it logs to a mysql database (local or remote), and can email alerts. i've been working with it since august, and it's improved tons since and continues to get better.. you can do tripwire too but that's just 1 more thing to administer. demarc can also do host monitoring and system monitoring like nocol/big brother but i haven't had a chance to dive into that side of it yet.

> Well, this is my problem, how can i know somehow
> summarized what's happening on those boxes..?
> i am not that good at shell programming so..all
> help it will be appreciated.

the above tools will help you keep on top of multiple systems..they all take a significant amount of time to configure.
i've literally spent days (if you add all the time up) or even a week of time configuring the above tools to suit my needs. it takes a LOOONG time. but it's worth it. it gives tons of info about everything.

as someone who watches over ~40 linux and unix systems i've learned it's important to be able to provide a lot of info at a glance. opening 50 emails a day checking on everything is not the way you wanna go in the long run.

i set up a special website that just loads a couple frames and from a 1600x1200 monitor i can see mrtg stats, big brother stats and nocol all at the same time and i tell opera to auto refresh the mrtg stuff every 5 minutes (nocol and big brother auto refresh already).

i also watch over a colocation, 5 t1s, 4 inter-office vpns, multiple switches, along with the servers themselves..that's a LOT of information to try to co-ordinate. you know it's working well when you're able to detect a server failing, or a downed route though. i love it when my monitors are able to track down problems before anyone else even knows they are there. makes life much easier.

as for console administration, currently i don't do it. my linux systems run 6-8 months at a time with no issues, i would like to do remote consoles say a portmaster hooked up to a linux box so i could ssh to the linux box, login to the portmaster in minicom then login to a system from there rather than telnet to the portmaster (bad). but haven't done that yet.

hope this helps

nate

