how to install/uninstall snoopy logger on Unix/Linux server

Snoopy Logger is a very useful tool for Linux server admins: it keeps a log of the commands executed via the shell/back end. The snoopy utility logs every command, together with the details of the user who ran it, to ‘/var/log/secure’. If you want the details of past commands and the users who ran them, simply refer to the file /var/log/secure. More details and examples are explained below.

how to install snoopy logger on Unix/Linux server?

Follow the steps below to install Snoopy on your Linux server.
Step 1: Login to your server via SSH as root user.
Step 2: Execute the following one by one.

# cd /usr/src
# wget ftp://ftp.uwsg.indiana.edu/pub/FreeBSD/ports/distfiles/snoopy-1.8.0.tar.gz
# tar xvf snoopy-1.8.0.tar.gz
# cd snoopy-1.8.0
# ./configure
# make
# make install

The make install output displays an instruction for enabling Snoopy so that logging actually starts. See the details:

# make install
install -m 755 -d /usr/local/lib
install -m 755 snoopy.so /usr/local/lib/snoopy.so

Snoopy shared library installed in /usr/local/lib.
Run 'make enable' to actually enable snoopy logging.

Run the “make enable” command to enable it.

# make enable

Example:

# tail -5 /var/log/secure
Dec 30 08:37:11 jishnu snoopy[18337]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/uname]: uname -r
Dec 30 08:37:11 jishnu snoopy[18339]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/df]: df -k /
Dec 30 08:37:11 jishnu snoopy[18341]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/rpm]: rpm -q -a --queryformat %{NAME}\n%{VERSION}-%{RELEASE}\n%{EPOCH}\n%{GROUP}\n%{SUMMARY}\n\n
Dec 30 08:37:12 jishnu snoopy[18343]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/usr/bin/vmstat]: vmstat 1 2
Dec 30 08:37:13 jishnu snoopy[18345]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/sbin/ifconfig]: ifconfig -a

You can read the command details from the last part of each line (e.g. uname -r, df -k, ifconfig -a) and the user details from the UID part (here UID:0 means the root user). All user information is listed in the ‘/etc/passwd’ file; you can grep it out from there, or use the “getent” command with the corresponding UID value.
Example: for the ‘/var/log/secure’ output above, the UID of the user is ‘0’.

# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash

With the ‘getent’ command:

# getent passwd 0
root:x:0:0:root:/root:/bin/bash
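
To review more than a handful of lines, the two manual steps above (reading the command from the end of each record, then looking up the UID) can be scripted. The following is an added example, not part of the original post or of Snoopy itself; the sample lines, the function names and UID 54321 are constructed for illustration, and the record layout is assumed to be the one shown in the /var/log/secure output above.

```python
import pwd
import re

# Constructed sample: snoopy records in the layout shown above, mixed with an
# sshd line as in /var/log/secure. UID 54321 stands for a deleted account.
SAMPLE = """\
Dec 30 08:37:11 jishnu snoopy[18337]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/bin/uname]: uname -r
Dec 30 08:37:12 jishnu sshd[18340]: Accepted password for root from 192.0.2.10 port 50022 ssh2
Dec 30 08:37:13 jishnu snoopy[18345]: [uid:0 sid:520 tty: cwd:/usr/libexec/webmin/webmincron filename:/sbin/ifconfig]: ifconfig -a
Dec 30 08:40:02 jishnu snoopy[18410]: [uid:54321 sid:611 tty:/dev/pts/0 cwd:/tmp filename:/usr/bin/id]: id
"""

# Non-greedy fields anchored on the next key, so an empty tty or a cwd that
# contains spaces still parses.
RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) snoopy\[(?P<pid>\d+)\]: "
    r"\[uid:(?P<uid>\d+) sid:(?P<sid>\d+) tty:(?P<tty>.*?) cwd:(?P<cwd>.*?) "
    r"filename:(?P<filename>.*?)\]: (?P<cmd>.*)$"
)

def resolve_uid(uid):
    """Look the UID up as `getent passwd <uid>` does; keep it numeric if unknown."""
    try:
        return pwd.getpwuid(uid).pw_name
    except (KeyError, OverflowError):
        return f"uid={uid}"

def parse_snoopy(lines, lookup=resolve_uid):
    """Yield a dict per snoopy record; other lines in the log are skipped."""
    for line in lines:
        m = RECORD.match(line.rstrip("\n"))
        if m is None:
            continue
        rec = m.groupdict()
        rec["uid"] = int(rec["uid"])
        rec["user"] = lookup(rec["uid"])
        yield rec

def commands_by_user(records):
    """Group executed binaries per user, in log order."""
    out = {}
    for r in records:
        out.setdefault(r["user"], []).append(r["filename"])
    return out

if __name__ == "__main__":
    # On a server: parse_snoopy(open("/var/log/secure", errors="replace"))
    for r in parse_snoopy(SAMPLE.splitlines()):
        print(r["ts"], r["user"], r["tty"] or "-", r["cwd"], "::", r["cmd"])
```

A UID that no longer resolves is kept as uid=N instead of being dropped, so commands run by an account that was later deleted still show up in the review.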

how to uninstall/remove snoopy logger from Unix/Linux server?

To uninstall Snoopy from the server, you need to remove the Snoopy reference ‘/usr/local/lib/snoopy.so’ from the ‘/etc/ld.so.preload’ file and then remove the ‘snoopy.so’ file itself.

Step 1: vi /etc/ld.so.preload  >> Remove the reference line
Step 2: rm /usr/local/lib/snoopy.so

After that, you will get the following message if you try to enable Snoopy:

# make enable
./enable.sh /usr/local/lib
ERROR: /usr/local/lib/snoopy.so is not installed or is not executable
make: *** [enable] Error 1

Finished 🙂

Arunlal Ashok

Operations Engineer at Endurance International Group. Linux lover. Like to play on Linux console. I started this blog to share and discuss Linux thoughts.
