I'd recommend looking at the Linux Audit Subsystem. That is probably designed to give you what you want. It will probably require careful thought to get it dialed in to tell you everything you want to know, but it's pretty mainstream.
Jon -----Original Message----- From: Linux on 390 Port [mailto:[email protected]] On Behalf Of Shan, Rita Sent: Thursday, March 13, 2014 5:33 PM To: [email protected] Subject: Linux file updates by timestamp and userid Could anyone kindly provide information on how we can monitor/log zLinux file updates by timestamp and by user ID? We have a number of staff maintaining zLinux system all with sudo privilege, we need to have a way to track file updates by date/time/user-ID. Does AIDE provides these kind of detailed level information? What kind of overhead it will generate if we turned it on? Is there an inexpensive vendor tool for this? Any help is greatly appreciated Rita Email transmitted across the Internet is normally not protected and may be intercepted and viewed by others. Therefore, you should refrain from sending any confidential or private information via unsecured email to PenFed. We will not ask you to send confidential information to us via email, such as your logon ID, password, account numbers, or Social Security number. We prohibit our employees from sending confidential information to you via email that is not encrypted. The recommended document submission method is FAX; a partial list of generic fax numbers can be found <https://www.penfed.org/aboutUs/contactUs.asp#fax> here<https://www.penfed.org/aboutUs/contactUs.asp#fax>.<https://www.penfed.org/aboutUs/contactUs.asp#fax> ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ________________________________ The information contained in this e-mail message is intended only for the personal and confidential use of the designated recipient(s) named above. This message may be an attorney-client or work product communication which is privileged and confidential. It may also contain protected health information that is protected by federal law. If you have received this communication in error, please notify us immediately by telephone and destroy (shred) the original message and all attachments. Any review, dissemination, distribution or copying of this message by any person other than the intended recipient(s) or their authorized agents is strictly prohibited. Thank you. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
