UPM (Privilege Manager) can record all data sent to and from the user by enabling I/O logging.
Keystroke logging is enabled by configuring the pm.conf file that contains your existing UPM configuration. The iolog function is required to log the user's UPM session. We recommend searching the documentation for "iolog" and "mktemp" as there are several examples of their use.
Here is a brief example of a pm.conf that uses keystroke logging. The user testuser is allowed to run all commands as root, but is always keystroke logged in a unique file whose path begins with /usr/local/bin/log. The file name is then constructed from the username, the command run and a unique identifier (the XXX).
# Example pm.conf to keystroke log the user testuser
if (user=="testuser") {
    # Re-check user's own password
    if (!getuserpasswd(user))
        reject;
    runuser="root";
    # Enable keystroke logging for this user
    iolog = mktemp("/usr/local/bin/log." + user + "." + command + ".XXX");
    accept;
}
# End of file
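Because these files record everything sent to and from the user, the following added example (not part of the original article and not Quest code) inventories files named by the policy above as log.<user>.<command>.<suffix> and flags any that group or other accounts can access. The function names, the sample file names and the assumption that user names contain no dots are illustrative; the script checks names and permissions only and does not read the iolog file contents.

```python
import os
import re
import stat
import tempfile

# Name layout taken from the policy above: log.<user>.<command>.<unique suffix>
# Assumption: the user name has no dots; the command may (e.g. "backup.sh").
NAME_RE = re.compile(r"^log\.(?P<user>[^.]+)\.(?P<command>.+)\.(?P<suffix>[^.]+)$")

def audit_iolog_dir(log_dir):
    """Return one record per iolog-style file found directly in log_dir."""
    records = []
    for name in sorted(os.listdir(log_dir)):
        match = NAME_RE.match(name)
        if not match:
            continue  # not produced by the policy's naming scheme
        st = os.lstat(os.path.join(log_dir, name))  # lstat: do not follow symlinks
        issues = []
        if not stat.S_ISREG(st.st_mode):
            issues.append("not a regular file")
        elif st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            issues.append("accessible by group/other")
        records.append({
            "file": name,
            "user": match["user"],
            "command": match["command"],
            "owner_uid": st.st_uid,
            "mode": oct(stat.S_IMODE(st.st_mode)),
            "issues": issues,
        })
    return records

def make_sample_dir():
    """Create a constructed sample directory so the audit can run offline."""
    sample = tempfile.mkdtemp()
    for name, mode in (("log.testuser.ls.aB3", 0o600),
                       ("log.testuser.backup.sh.Zk9", 0o644),
                       ("notes.txt", 0o644)):
        path = os.path.join(sample, name)
        with open(path, "w") as handle:
            handle.write("constructed sample, not real iolog data\n")
        os.chmod(path, mode)
    return sample

if __name__ == "__main__":
    for record in audit_iolog_dir(make_sample_dir()):
        print(record)
```

To use it against a real host, call audit_iolog_dir() with the directory that holds the files created by the mktemp() path in your policy.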
Related Links:
"How to set a limit on the iolog"
https://support.quest.com/SUPPORT/index?page=solution&id=SOL35577