How to install/uninstall Snoopy logger on a Unix/Linux server

Snoopy logger: This is a very useful tool for Linux server admins that provides a log of the commands executed via the shell/back end. The snoopy utility logs all commands, along with the user details, to ‘/var/log/secure’. If you want details of past commands and the users who ran them, simply refer to the file /var/log/secure. More details and examples are explained below.

How to install Snoopy logger on a Unix/Linux server?

Follow the steps below to install Snoopy on your Linux server.
Step 1: Log in to your server via SSH as the root user.
Step 2: Execute the following commands one by one.

# cd /usr/src
# wget ftp://ftp.uwsg.indiana.edu/pub/FreeBSD/ports/distfiles/snoopy-1.8.0.tar.gz
# tar xvf snoopy-1.8.0.tar.gz
# cd snoopy-1.8.0
# ./configure
# make
# make install

The make install output displays an instruction on how to enable Snoopy so that logging actually starts. See the details:

[root@server snoopy-1.8.0]# make install
install -m 755 -d /usr/local/lib
install -m 755 snoopy.so /usr/local/lib/snoopy.so

Snoopy shared library installed in /usr/local/lib.
Run 'make enable' to actually enable snoopy logging.

Run the “make enable” command to enable it.

# make enable

Example:

[root@server ]# tail -5  /var/log/secure
Dec 30 08:37:11 jishnu snoopy[18337]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/uname]: uname -r
Dec 30 08:37:11 jishnu snoopy[18339]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/df]: df -k /
Dec 30 08:37:11 jishnu snoopy[18341]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/rpm]: rpm -q -a --queryformat %{NAME}\n%{VERSION}-%{RELEASE}\n%{EPOCH}\n%{GROUP}\n%{SUMMARY}\n\n
Dec 30 08:37:12 jishnu snoopy[18343]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/usr/bin/vmstat]: vmstat 1 2
Dec 30 08:37:13 jishnu snoopy[18345]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/sbin/ifconfig]: ifconfig -a

You can find the command details in the last part of each line (e.g. uname -r, df -k, ifconfig -a) and the user details in the UID part (here uid:0 means the root user). All user information is listed in the ‘/etc/passwd’ file; you can grep it out from there or use the “getent” command with the corresponding UID value.
Example: For the above ‘/var/log/secure’ output, the UID of the user is ‘0’.

[root@server ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash

With the ‘getent’ command:

[root@server ~]# getent passwd 0
root:x:0:0:root:/root:/bin/bash
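
The two lookups above (reading the command from the end of each line and resolving the UID) can be combined in one pass over the log. The script below is an added example, not part of the original post or of Snoopy itself; it assumes the 1.8.0 line format shown in the excerpt, and the sample lines, the PASSWD_FILE variable and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): parse snoopy 1.8.0 log lines.

# Constructed sample input modelled on the /var/log/secure excerpt above;
# the sshd line and the uid 4242 line are made up for illustration.
sample_log() {
cat <<'EOF'
Dec 30 08:37:11 jishnu snoopy[18337]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/uname]: uname -r
Dec 30 08:37:12 jishnu sshd[18338]: Accepted password for root from 192.0.2.10 port 50000 ssh2
Dec 30 08:37:13 jishnu snoopy[18345]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/sbin/ifconfig]: ifconfig -a
Dec 30 08:40:02 jishnu snoopy[18400]: [uid:4242 sid:611 tty:/dev/pts/0 cwd:/home/demo/my dir filename:/bin/ls]: ls -la
EOF
}

# Resolve a numeric UID to a login name with getent, as in the post.
# PASSWD_FILE is a hypothetical override: point it at a copy of another
# host's passwd file when reading that host's logs offline.
uid_to_name() {
    if [ -n "${PASSWD_FILE:-}" ]; then
        name=$(awk -F: -v u="$1" '$3 == u { print $1; exit }' "$PASSWD_FILE")
    else
        name=$(getent passwd "$1" 2>/dev/null | cut -d: -f1)
    fi
    echo "${name:-uid=$1}"    # keep unknown UIDs visible instead of dropping them
}

# Read syslog lines on stdin, skip everything that is not a snoopy record,
# and print: time, user, tty, cwd, binary, command (tab separated).
# '|' is the intermediate separator so that the empty tty field survives read.
snoopy_parse() {
    sed -nE 's/^(.{15}) [^ ]+ snoopy\[[0-9]+\]: \[uid:([0-9]+) sid:[0-9]+ tty:(.*) cwd:(.*) filename:([^]]*)\]: (.*)$/\1|\2|\3|\4|\5|\6/p' |
    while IFS='|' read -r ts uid tty cwd bin cmd; do
        printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
            "$ts" "$(uid_to_name "$uid")" "${tty:--}" "$cwd" "$bin" "$cmd"
    done
}

# Count executions per user and binary.
snoopy_summary() {
    snoopy_parse | awk -F'\t' '{ n[$2 "\t" $5]++ }
        END { for (k in n) print n[k] "\t" k }' | sort
}

sample_log | snoopy_summary
```

To run it on a real server, replace the last line with `snoopy_summary < /var/log/secure` and run it as root.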

How to uninstall/remove Snoopy logger from a Unix/Linux server?

To uninstall Snoopy from the server, you need to remove the reference to ‘/usr/local/lib/snoopy.so’ from the ‘/etc/ld.so.preload’ file and then remove the ‘snoopy.so’ file.

Step 1: vi /etc/ld.so.preload  >> Remove the reference line
Step 2: rm /usr/local/lib/snoopy.so

After this, you will get the following message if you try to enable Snoopy:

[root@server snoopy-1.8.0]# make enable
./enable.sh /usr/local/lib
ERROR: /usr/local/lib/snoopy.so is not installed or is not executable
make: *** [enable] Error 1

Finished 🙂

Arunlal Ashok

Linux Server Administrator. I have been managing Linux servers since 2012. I started this blog to share and discuss my ideas. Any questions? Write to arun (@) crybit.com
