Hi I would like to track what users do when they log in to a system. I don't want to know every key typed as in shellsnoop and I don't want all the execs that I get from execsnoop.
So I thought that it might be really easy combining the shellsnoop with execsnoop scripts that will give me the exec when one of the parent process is an interactive shell. So I have two questions: Has anyone done this before or does anybody know how to accomplish what I'm trying to do? I obviously don't really know how to find out in what sequence which kernel functions/system calls are executed (amongst other things). What would be an easy way to start building up more knowledge in that field. Thank you very much for your help. -- This message posted from opensolaris.org _______________________________________________ dtrace-discuss mailing list [email protected]
