ttylog - Log tty sessions
$Id: ttylog,v 1.23 2011/12/19 15:45:41 rob Exp $
ttylog tty or ttylog -t tty [ -w file ] or ttylog -r file [ -b file ] [ -i file ] [ -o file ]
Type "w" to obtain the desired tty:
[root@host root]# w 9:01am up 81 days, 16:06, 5 users, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 admin.com 8:19am 0.00s 0.39s 0.05s w joe pts/1 workstation.wi 8:02am 39:33 2.63s 2.19s pine hacker pts/4 client.isp.com 8:45am 5.00s 27.95s 1.45s vim devil.cfg [root@host root]#
Then connect to monitor what is being typed or what is seen through the tty:
[root@host root]# ttylog pts/4
There are three modes:
DIRECT (tty): Show terminal output for a given tty to stdout. This means that you will see whatever the user sees.
WRITE (-t tty): Attach to a tty and log the I/O to a trace file for future analysis.
READ (-r file): Analyze a trace file for key strokes or for terminal output or for bandwidth usage.
--tty tty Specify which psuedo terminal to use Example: --tty pts/1 --write file Save the packet data to a file for later analysis Example: --write trace.log --read file Read from a saved packet file Example: --read trace.log --bandwidth file Log network bandwidth used to a file Example: --bandwidth ssh.bytes_log --input file Log keystrokes sent to terminal to a file Example: --input keyboard.log --output file Log terminal output to a file Example: --output terminal.log --help Show this usage message.
Note that all options may be abbreviated, i.e., "-h" is the same as "--help".
This utility is intended for attaching to currently running tty sessions for the purposes of administration, shell assisting, bandwidth tracking, and logging for debugging or training. Unlike other tty sniffers, this utility does not require any patches to the kernel or any system configuration modifications or tweaking. You can even install it AFTER someone has logged in and connect on the fly to instantly view their session which has already been currently running for a long time.
Please be sensitive to the privacy of others! The author will not be held liable for any violation of privacy or damage that may be caused by unauthorized use of this utility. It is left to the discretion of the user of this application to deem what is appropriate.
This utility has been designed and is only known with work under the Linux platform, specifically the RedHat flavor, but possibly others. It requires that the strace utility be installed within the PATH. It assumes the tty sessions to be logged have been created from the sshd server. It does not work for terminal logins directly from the console. You must be the root user for permissions to use this program effectively. It is recommended that you have a very large screen and maximize your client because you will be seeing the terminal in the same dimensions as the tty of the user you are connecting to and you might not be able to see everything if your screen is constantly wrapping. The user must type at least one character to begin monitoring. Also, it is not recommended to log your own tty session as it may cause an infinite loop. If you really need to log your session, just send it to a trace file (using -w) and analyze it later (using -r) after your session is finished.
Rob Brown rob@asquad.com A-Squad.Com
Copyright 2004-2011 All rights reserved Artistic License
w(1) strace(1)
To install ttylog, copy and paste the appropriate command in to your terminal.
cpanm
cpanm ttylog
CPAN shell
perl -MCPAN -e shell install ttylog
For more information on module installation, please visit the detailed CPAN module installation guide.