Skip to content

a2o/snoopy

master
Switch branches/tags
Code

Latest commit

Signed-off-by: Bostjan Skufca Jese <bostjan@skufca.si>
6ebf79f

Git stats

Files

Permalink
Failed to load latest commit information.

Snoopy Command Logger

Table of contents

What is Snoopy?

Snoopy is a small library that logs all program executions on your Linux/BSD system.

Developer documentation outlines how it actually does that (a fairly technical read). And don't miss the security disclaimer about it.

News

Date What? Details
2022-09-28 Snoopy 2.5.1 released. Bugfix release - fixed 32-bit builds.
2022-08-19 Snoopy 2.5.0 released. Thread safety by default & binary distribution packages are finally here! :)
2021-10-17 Snoopy 2.4.15 released. Bugfix release (work around the unexpected NULL argv, #201).

Consult ChangeLog for more information.

Latest version

Latest release Version Status Download location
Stable 2.5.1 Build QA - OS Matrix (Large) / stable
Build QA - Config Matrix (Large) / stable
Code QA - Autoscan / stable
Code QA - Valgrind / stable
All release packages can be found over there 👉 in the Releases section.
Development master Build QA - OS Matrix (Large) / master
Build QA - Config Matrix / master
Code QA - Autoscan / master
Code QA - Valgrind / master
Coverity Scan
SonarCloud:
SonarCloud - Bugs
SonarCloud - Code Smells
SonarCloud - Coverage
SonarCloud - Duplicated Lines (%)
SonarCloud - Maintainability Rating
SonarCloud - Quality Gate Status
SonarCloud - Reliability Rating
SonarCloud - Security Rating
SonarCloud - Technical Debt
SonarCloud - Vulnerabilities
git clone git@github.com:a2o/snoopy

Installation

Install QA - README.md / master Install QA - install-snoopy.sh / install Install QA - OS Matrix - Install from git Release QA - OS Matrix - Install from source

Starting with version 2.5.0, repositories with binary packages are provided for major Linux distributions. Here is a guide to installing Snoopy from package repositories.

WARNING: If you've installed Snoopy from source (i.e. using the install-snoopy.sh script method below) before, it's best to remove it before installing it from a package repository. This guide contains steps to remove "manually" installed Snoopy from your system.

Alternatively, the original method of installing Snoopy from source is still available:

wget -O install-snoopy.sh https://github.com/a2o/snoopy/raw/install/install/install-snoopy.sh &&
chmod 755 install-snoopy.sh &&
sudo ./install-snoopy.sh stable

More information is available in the doc/INSTALL.md document.

Output

This is what typical Snoopy output looks like:

2015-02-11T19:05:10+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/cat]: cat /etc/fstab.BAK
2015-02-11T19:05:15+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/rm]: rm -f /etc/fstab.BAK
2015-02-11T19:05:19+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/tail]: tail -f /var/log/messages

These are default output locations on various Linux distributions:

Distribution Snoopy output location Notes
CentOS /var/log/secure
Debian /var/log/auth.log
Ubuntu /var/log/auth.log
(others) /var/log/messages (potentially, could be elsewhere)

For actual output format and destination, check your Snoopy and syslog configuration.

Configuration

If the configuration file support is available in your Snoopy build (it probably is), Snoopy can be reconfigured on-the-fly.

The configuration file is (most likely, but depending on the build) located at /etc/snoopy.ini.

Supported configuration directives are explained in the default configuration file.

FAQ - Frequently asked questions

Frequently asked questions and answers are collected in the doc/FAQ.md file in this repository.

Security disclaimer

WARNING: Snoopy is not a reliable auditing solution.

Rogue users can easily manipulate environment to avoid their actions being logged by Snoopy. Consult this FAQ entry for more information.

Contributing to Snoopy development

Consult the following documents for information related to Snoopy development:

Getting support

Information is available in a dedicated document about getting support.

License

Snoopy is released under GNU General Public License version 2.

Online resources

Snoopy development is located at the following URI:

Additional git repository mirrors (read-only) are available here:

Credits

Snoopy Command Logger was originally created and maintained by:

Contribution acknowledgements are available at the following locations:

Snoopy is currently maintained by Bostjan Skufca Jese.