If the atop daemon is running you should have files with a record of
what's going on during each 10 minute period. For example, suppose your
current path is /var/log/atop, you want to look in the atop file for
3/2/2014 (whose name is "atop_20140302"), and want information about
commands like "ssh [email protected]".
atop -r atop_20140302 -P PRG | grep "x.fnal.gov" > x.txt
will put into file "x.txt" one line for each process alive during each 10
minute period, provided the line contains the string "x.fnal.gov". Type
'man atop" for an explanation of the information on each line for the PRG
label. Included in the information is the uid of who gave the ssh command
and when it was given.
Steven Yellin
On Mon, 3 Mar 2014, vivek chalotra wrote:
Hello all,
I want to see ssh logs of the past few days from my system to a particular
system outside our network. I looked into /var/log/secure but it does not
contain outgoing logs. How to do that. Its urgent, any help would be
appreciated.
Regards
Vivek Chalotra
