kernel event listener

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP

up vote
2
down vote

favorite

I wonder if there is something similar to an event listener in UNIX that a program can subscribe to? Specifically I want to know:

Start and end times of a user session
Start and end of the applications executed by that user

Any Tips?

share|improve this question

    up vote
    2
    down vote

    favorite

    I wonder if there is something similar to an event listener in UNIX that a program can subscribe to? Specifically I want to know:

    Start and end times of a user session
    Start and end of the applications executed by that user
    

    Any Tips?

    share|improve this question

      up vote
      2
      down vote

      favorite

      up vote
      2
      down vote

      favorite

      I wonder if there is something similar to an event listener in UNIX that a program can subscribe to? Specifically I want to know:

      Start and end times of a user session
      Start and end of the applications executed by that user
      

      Any Tips?

      share|improve this question

      I wonder if there is something similar to an event listener in UNIX that a program can subscribe to? Specifically I want to know:

      Start and end times of a user session
      Start and end of the applications executed by that user
      

      Any Tips?

      ubuntu kernel linux-kernel process-management application

      share|improve this question

      share|improve this question

      share|improve this question

      share|improve this question

      edited Jun 2 ’14 at 14:49

      slm

      245k66505671

      245k66505671

      asked Jun 2 ’14 at 13:31

      Inkognito

      211

      211

          1 Answer
          1

          active

          oldest

          votes

          up vote
          1
          down vote

          Using psacct

          The events that you’re looking for can be found through psacct. Specifically I’d take a look at the tool ac which shows accounting information on users. I touch on this in this U&L Q&A titled: Commands for determining level of usage of server.

          NOTE: This is not a subscribe-able “service”, rather a tracking & reporting infrastructure that you can ask it questions.

          You can also use lastcomm (part of psacct, it has several tools in the suite) to find out when a given application was used by user X.

          Example

          $ lastcomm rm
          rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
          rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
          rm                S     root     pts/0      0.00 secs Tue Nov 14 00:38 
          

          You’ll have to dig a bit into psacct but there’s a lot of resources about it on U&L as well as google which should get you what you want.

          Using auditd

          The other tool, in the same vain as psacct‘s tracking & reporting approach is auditd. With auditd you can query to find out who and for how long program X was run.

          Example

          $ sudo ausearch -x /usr/bin/sudo | head -5
          ----
          time->Sat Dec  7 21:15:15 2013
          type=USER_AUTH msg=audit(1386468915.558:419): pid=2189 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="saml" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
          ----
          time->Sat Dec  7 21:15:15 2013
          

          NOTE: The above is finding all the entries where someone ran the tool /usr/bin/sudo.

          References

          • Chapter 34. Introducing an Audit Rule Set
          • 7.7. Searching the Audit Log Files
          share|improve this answer

            Your Answer

            StackExchange.ready(function() {
            var channelOptions = {
            tags: “”.split(” “),
            id: “106”
            };
            initTagRenderer(“”.split(” “), “”.split(” “), channelOptions);

            StackExchange.using(“externalEditor”, function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using(“snippets”, function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: ‘answer’,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: “”,
            imageUploader: {
            brandingHtml: “Powered by u003ca class=”icon-imgur-white” href=”https://imgur.com/”u003eu003c/au003e”,
            contentPolicyHtml: “User contributions licensed under u003ca href=”https://creativecommons.org/licenses/by-sa/3.0/”u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href=”https://stackoverflow.com/legal/content-policy”u003e(content policy)u003c/au003e”,
            allowUrls: true
            },
            onDemand: true,
            discardSelector: “.discard-answer”
            ,immediatelyShowMarkdownHelp:true
            });

            }
            });

            draft saved
            draft discarded

            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin(‘.new-post-login’, ‘https%3a%2f%2funix.stackexchange.com%2fquestions%2f134107%2fkernel-event-listener%23new-answer’, ‘question_page’);
            }
            );

            Post as a guest

            Required, but never shown

            1 Answer
            1

            active

            oldest

            votes

            1 Answer
            1

            active

            oldest

            votes

            active

            oldest

            votes

            active

            oldest

            votes

            up vote
            1
            down vote

            Using psacct

            The events that you’re looking for can be found through psacct. Specifically I’d take a look at the tool ac which shows accounting information on users. I touch on this in this U&L Q&A titled: Commands for determining level of usage of server.

            NOTE: This is not a subscribe-able “service”, rather a tracking & reporting infrastructure that you can ask it questions.

            You can also use lastcomm (part of psacct, it has several tools in the suite) to find out when a given application was used by user X.

            Example

            $ lastcomm rm
            rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
            rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
            rm                S     root     pts/0      0.00 secs Tue Nov 14 00:38 
            

            You’ll have to dig a bit into psacct but there’s a lot of resources about it on U&L as well as google which should get you what you want.

            Using auditd

            The other tool, in the same vain as psacct‘s tracking & reporting approach is auditd. With auditd you can query to find out who and for how long program X was run.

            Example

            $ sudo ausearch -x /usr/bin/sudo | head -5
            ----
            time->Sat Dec  7 21:15:15 2013
            type=USER_AUTH msg=audit(1386468915.558:419): pid=2189 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="saml" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
            ----
            time->Sat Dec  7 21:15:15 2013
            

            NOTE: The above is finding all the entries where someone ran the tool /usr/bin/sudo.

            References

            • Chapter 34. Introducing an Audit Rule Set
            • 7.7. Searching the Audit Log Files
            share|improve this answer

              up vote
              1
              down vote

              Using psacct

              The events that you’re looking for can be found through psacct. Specifically I’d take a look at the tool ac which shows accounting information on users. I touch on this in this U&L Q&A titled: Commands for determining level of usage of server.

              NOTE: This is not a subscribe-able “service”, rather a tracking & reporting infrastructure that you can ask it questions.

              You can also use lastcomm (part of psacct, it has several tools in the suite) to find out when a given application was used by user X.

              Example

              $ lastcomm rm
              rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
              rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
              rm                S     root     pts/0      0.00 secs Tue Nov 14 00:38 
              

              You’ll have to dig a bit into psacct but there’s a lot of resources about it on U&L as well as google which should get you what you want.

              Using auditd

              The other tool, in the same vain as psacct‘s tracking & reporting approach is auditd. With auditd you can query to find out who and for how long program X was run.

              Example

              $ sudo ausearch -x /usr/bin/sudo | head -5
              ----
              time->Sat Dec  7 21:15:15 2013
              type=USER_AUTH msg=audit(1386468915.558:419): pid=2189 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="saml" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
              ----
              time->Sat Dec  7 21:15:15 2013
              

              NOTE: The above is finding all the entries where someone ran the tool /usr/bin/sudo.

              References

              • Chapter 34. Introducing an Audit Rule Set
              • 7.7. Searching the Audit Log Files
              share|improve this answer

                up vote
                1
                down vote

                up vote
                1
                down vote

                Using psacct

                The events that you’re looking for can be found through psacct. Specifically I’d take a look at the tool ac which shows accounting information on users. I touch on this in this U&L Q&A titled: Commands for determining level of usage of server.

                NOTE: This is not a subscribe-able “service”, rather a tracking & reporting infrastructure that you can ask it questions.

                You can also use lastcomm (part of psacct, it has several tools in the suite) to find out when a given application was used by user X.

                Example

                $ lastcomm rm
                rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
                rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
                rm                S     root     pts/0      0.00 secs Tue Nov 14 00:38 
                

                You’ll have to dig a bit into psacct but there’s a lot of resources about it on U&L as well as google which should get you what you want.

                Using auditd

                The other tool, in the same vain as psacct‘s tracking & reporting approach is auditd. With auditd you can query to find out who and for how long program X was run.

                Example

                $ sudo ausearch -x /usr/bin/sudo | head -5
                ----
                time->Sat Dec  7 21:15:15 2013
                type=USER_AUTH msg=audit(1386468915.558:419): pid=2189 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="saml" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
                ----
                time->Sat Dec  7 21:15:15 2013
                

                NOTE: The above is finding all the entries where someone ran the tool /usr/bin/sudo.

                References

                • Chapter 34. Introducing an Audit Rule Set
                • 7.7. Searching the Audit Log Files
                share|improve this answer

                Using psacct

                The events that you’re looking for can be found through psacct. Specifically I’d take a look at the tool ac which shows accounting information on users. I touch on this in this U&L Q&A titled: Commands for determining level of usage of server.

                NOTE: This is not a subscribe-able “service”, rather a tracking & reporting infrastructure that you can ask it questions.

                You can also use lastcomm (part of psacct, it has several tools in the suite) to find out when a given application was used by user X.

                Example

                $ lastcomm rm
                rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
                rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
                rm                S     root     pts/0      0.00 secs Tue Nov 14 00:38 
                

                You’ll have to dig a bit into psacct but there’s a lot of resources about it on U&L as well as google which should get you what you want.

                Using auditd

                The other tool, in the same vain as psacct‘s tracking & reporting approach is auditd. With auditd you can query to find out who and for how long program X was run.

                Example

                $ sudo ausearch -x /usr/bin/sudo | head -5
                ----
                time->Sat Dec  7 21:15:15 2013
                type=USER_AUTH msg=audit(1386468915.558:419): pid=2189 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="saml" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
                ----
                time->Sat Dec  7 21:15:15 2013
                

                NOTE: The above is finding all the entries where someone ran the tool /usr/bin/sudo.

                References

                • Chapter 34. Introducing an Audit Rule Set
                • 7.7. Searching the Audit Log Files
                share|improve this answer

                share|improve this answer

                share|improve this answer

                edited Nov 28 at 22:51

                answered Jun 2 ’14 at 14:56

                slm

                245k66505671

                245k66505671

                    draft saved
                    draft discarded

                    Thanks for contributing an answer to Unix & Linux Stack Exchange!

                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid

                    • Asking for help, clarification, or responding to other answers.
                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.

                    Some of your past answers have not been well-received, and you’re in danger of being blocked from answering.

                    Please pay close attention to the following guidance:

                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid

                    • Asking for help, clarification, or responding to other answers.
                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.

                    draft saved

                    draft discarded

                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin(‘.new-post-login’, ‘https%3a%2f%2funix.stackexchange.com%2fquestions%2f134107%2fkernel-event-listener%23new-answer’, ‘question_page’);
                    }
                    );

                    Post as a guest

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Related Post

                    Leave a Reply

                    Your email address will not be published. Required fields are marked *