snoop-devel Mailing List for Snoop
Status: Beta
Brought to you by:
mali
From: John A. <jo...@cc...> - 2006-10-09 21:29:00
Greetings,

I'm in the process of writing a user space daemon that uses the snoop kernel module, and I'm wondering how hard/intrusive it would be to make the following changes to snoop's kernel module code and interface.

1.) Change the ioctl so that it accepts a username argument (argument is optional).
2.) Change the kernel space handle so it prepends data read from that file with "username: total_bytes_read_from_this_file" if argument is supplied.

I'm in the process of developing a daemon to monitor what users are doing on a system. The daemon uses inotify to look for opens of TTYs and new PTYs in /dev/pts/*. It will then attach each to snoop, and log them all to an endpoint (i.e. syslog, file, whatever.) The plan is to get a "recording" of a user's session from start to finish. In order to do this, I need to know which text outputted by the snoop module belongs to which user.

I've taken a look at the kernel code and I can see where to make the changes to the ioctl call, but actually implementing the "tagging" in the output stream seems beyond me.

P.S. I plan on releasing the monitor daemon back to the snoop project in case they want to include it or parts of it.

Thanks,

John A.
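The "username: total_bytes" tagging requested in the message above can also be applied by the logging daemon in user space. The sketch below is an added example, not code from the post or from the snoop project. It assumes the owner of the device node is the session user, that the byte count is a running total per TTY, and that a newline ends the header; `tty_owner` and `tag_record` are hypothetical names.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Resolve the login name owning a TTY/PTY node (e.g. /dev/pts/3).
 * Falls back to "uid=<n>" when the uid has no passwd entry.
 * Returns 0 on success, -1 if the node cannot be stat()ed. */
int tty_owner(const char *path, char *out, size_t outlen)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    struct passwd *pw = getpwuid(st.st_uid);
    if (pw)
        snprintf(out, outlen, "%s", pw->pw_name);
    else
        snprintf(out, outlen, "uid=%lu", (unsigned long)st.st_uid);
    return 0;
}

/* Frame one captured chunk as "<user>: <running_total>\n<data>".
 * The header layout is an assumption; the post does not define one.
 * *total is only updated when the record fits in rec.
 * Returns the record length, or -1 if rec is too small. */
long tag_record(const char *user, unsigned long *total,
                const char *data, size_t len, char *rec, size_t reclen)
{
    unsigned long new_total = *total + len;
    int hdr = snprintf(rec, reclen, "%s: %lu\n", user, new_total);
    if (hdr < 0 || (size_t)hdr >= reclen || len > reclen - (size_t)hdr)
        return -1;
    memcpy(rec + hdr, data, len);   /* data may be binary; no NUL added */
    *total = new_total;
    return (long)hdr + (long)len;
}

int main(int argc, char **argv)
{
    char user[64], rec[256];
    unsigned long total = 0;
    const char chunk[] = "ls -l\n";  /* constructed sample data */
    if (tty_owner(argc > 1 ? argv[1] : "/dev/tty", user, sizeof user) != 0)
        return 1;
    long n = tag_record(user, &total, chunk, sizeof chunk - 1, rec, sizeof rec);
    if (n > 0)
        fwrite(rec, 1, (size_t)n, stdout);
    return 0;
}
```

Because the running total is carried in every header, a log consumer can detect dropped or reordered chunks for a given TTY by checking that the totals increase by exactly the payload length.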