Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

how to add username field at log file?

Help
Anonymous
2011-02-28
2013-05-23

  • Anonymous
    2011-02-28

    So far Snoopy works very well. The uid of every  historical command could be found at log file. But I want to know the username, not only the uid. How to do that? Thanks.

     

  • Anonymous
    2011-02-28

    Hi Tony,
        I read your question and I have two answer for you depending on what you are looking for.

    For a simple one time look up of a UID and mapping that to a user name you can view that in /etc/passwd. That file will provide the username and the UID for each account on the system. In some rare cases you may find the account is not in the /etc/passwd file and that normally results from the account being found in a network database like LDAP or NIS.

    For the username to be present in the log message that would require the developer to add some code. How exactly that would be done is beyond my understanding of C. If you would like this feature in future versions of snoopy logger, I would suggest adding a feature request.

    I hope this helps
    Jason

     
  • Please add this to request tracker, will look into snoopyloggeer again in the upcoming weeks. Or you can create a patch, that is also welcome:)

     

  • Anonymous
    2011-03-01

    Hey guys, thanks for all ur reply.  Yesterday I modified the code. Username is available now, at lease works fine in my vmware environment,  just replace line #99 of snnopy.c  with this: syslog(LOG_INFO, ": %s", getuid(), getlogin(), getsid(0), ttyPath, cwd, filename, logString);

    It's based on version 1.7.10.

     
  • Tony: Nice to see you made it yourself!

    However I hope you are aware of security implications and of the fact that "it is often rather easy to fool getlogin()" (check the Bugs section), here:
    http://linux.die.net/man/3/getlogin

     

  • Anonymous
    2011-03-01

    bostjanskufca: oh. yes, it's really easy to fool getlogin(). Thanks for ur remind.

    Now I use another way to get the real user name, add the following code to snoopy.c:
    #include <pwd.h>
    #include <malloc.h>

    char *getrealusername(void);

    char *getrealusername(void)
    {
      char *login_name = (char *)malloc(32 * sizeof(char));
      struct passwd *pwd;
      pwd = getpwuid(getuid());
      login_name = pwd->pw_name;
      return login_name;
    }

    modify line #99:
    syslog(LOG_INFO, ": %s", getuid(), getrealusername(), getsid(0), ttyPath, cwd, filename, logString);

     
  • External filtering has been added to version 1.8.0 which enables you to achieve equal result without patching snoopy.

    b.

     

  • Anonymous
    2011-03-18

    Using shell script ships with more cost.

     
  • mattjenkins76
    mattjenkins76
    2012-04-04

    What does line 99 read, Tony?  As in, what does the text that needs modified look like?   It doesn't look like line 99 in my snoopy.c is the correct line to modify.

     
  • mattjenkins76
    mattjenkins76
    2012-04-04

    Ignore my last question, it is no longer line 99.  In 1.8.0 you will modify this section to read as follows:

    /* Create logMessage */
            #if defined(SNOOPY_CWD_LOGGING)
                    getCwdRet = getcwd(cwd, PATH_MAX+1);
                    sprintf(logMessage, ": %s", getuid(), getrealusername(), getsid(0), ttyPath, cwd, filename, logString);
            #else
                    sprintf(logMessage,  ": %s", getuid(), getrealusername(), getsid(0), ttyPath, cwd, filename, logString);
            #endif

    It works great on the system I have tested.  Thanks, Bostjan and Tony!