Log every executed command to syslog (a.k.a. Snoopy Logger).
C M4 Shell Makefile C++
Clone or download
Failed to load latest commit information.
.github github/issue template: moved steps to reproduce up, included brief gu… Apr 12, 2018
build travis: improve test suite results logging when executed via travis Apr 10, 2018
contrib Fix typos Mar 1, 2018
doc doc: Merge pull request #120 from Gerardwx/master Apr 10, 2018
etc config, doc/faq: add entry about nont-root users and file output prov… Jan 12, 2016
lib Permit long lines in INI file. Aug 25, 2017
src (src|tests)/datasource/tty*: adjust the unknown tty handling Apr 10, 2018
tests (src|tests)/datasource/tty*: adjust the unknown tty handling Apr 10, 2018
util Fix valgrind false positive with std(in|out|err) reported as not closed. Aug 28, 2015
.gitignore Update .gitignore: reduce number of explicit ignores Jun 12, 2015
.gitmodules Remove iniparser git submodule Jul 24, 2016
.travis.yml travis: improve test suite results logging when executed via travis Apr 10, 2018
COPYING License file: update with fresh/original copy directly from gnu.org. May 20, 2015
ChangeLog Release 2.4.6 Sep 14, 2016
Makefile.am Enhancement: make valgring use -v flag, to not suppress certain warni… Feb 21, 2016
README.md README: fix Flattr URL Mar 1, 2018
bootstrap.sh When bootstraping to build from git on older OS, automatically adjust… Dec 31, 2015
config.h.in Make snoopy compile on 64-bit Arch Linux with GCC 7.1.1 Jul 27, 2017
configure.ac Replace ini parsing library iniparser (ndevilla) with inih Jul 24, 2016
configure.scan autoscan changes - updating configure.scan, configure.ac is already u… Sep 14, 2016


Snoopy Logger

Snoopy is a tiny library that logs all executed commands (+ arguments) on your system. Flattr Snoopy Logger project

Master: Build Status - Master Coverity Scan

Stable: Build Status - Stable

Chat: Join the chat at https://gitter.im/a2o/snoopy

INFO: Snoopy is not a reliable auditing solution. Rogue users can easily manipulate environment to avoid logging by Snoopy. See this FAQ entry.

Table of contents


2016-09-14: Snoopy 2.4.6 released! Maintenance release.

2016-03-05: Snoopy 2.4.5 released! Maintenance release.

2015-08-28: Snoopy 2.4.4 released! Mainly maintenance release, with new filter: only_tty, which should cut down noise from non-tty processes considerably.

2015-06-18: Snoopy 2.4.0 released! Many changes, see the ChangeLog. Experimental thread safety added. All users are encouraged to upgrade to Snoopy version 2.4.0+ immediately.


The easiest way to start using Snoopy is to execute one of the following commands (as root).

To install the latest STABLE version of Snoopy, use this command:

rm -f snoopy-install.sh &&
wget -O snoopy-install.sh https://github.com/a2o/snoopy/raw/install/doc/install/bin/snoopy-install.sh &&
chmod 755 snoopy-install.sh &&
./snoopy-install.sh stable

To install the latest DEVELOPMENT version of Snoopy, use this:

rm -f snoopy-install.sh &&
wget -O snoopy-install.sh https://github.com/a2o/snoopy/raw/install/doc/install/bin/snoopy-install.sh &&
chmod 755 snoopy-install.sh &&
./snoopy-install.sh git-master

That is it. Detailed installation instructions are available here: doc/INSTALL.md

I.1 Version information and download links

Version Download URI
Latest stable release http://source.a2o.si/download/snoopy/snoopy-2.4.6.tar.gz
Latest development release (N/A, clone this git repo, use master branch)
All releases http://source.a2o.si/download/snoopy/


This is what typical Snoopy output looks like:

2015-02-11T19:05:10+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/cat]: cat /etc/fstab.BAK
2015-02-11T19:05:15+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/rm]: rm -f /etc/fstab.BAK
2015-02-11T19:05:19+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/tail]: tail -f /var/log/messages

These are default output locations on various Linux distributions:

  • CentOS: /var/log/secure
  • Debian: /var/log/auth.log
  • Ubuntu: /var/log/auth.log
  • others: /var/log/messages (potentially, not necessarily)

For actual output destination check your syslog configuration.


Most parts of Snoopy are/can be/should be configured at build time.

However, since version 2.0.0 Snoopy supports optional configuration file. Snoopy's automated installation procedure enables configuration file support by default. Configuration file path is /etc/snoopy.ini.

For additional information consult comments in default configuration file etc/snoopy.ini and read appropriate sections of doc/INSTALL.md.


S.1 Keep all communication public

Due to the fact that you need support, there is a good chance someone else will stumble upon the same issue soon too. For this reason it is crucial that all communication is kept public. Search engines can then pick this content up, index it, and hopefully present it to the next soul with the same problem.

GitHub is currently the meeting point for all Snoopy-related content. Therefore you should use GitHub issues for any kind of communication about Snoopy, with the sole exception of commercial support - that should be the only reason for contacting maintainer directly via email.

S.2 Supported Snoopy versions

Only latest released version of Snoopy is "supported"! Any version that is not the latest (stable or development) is not supported. Please do not submit any bugfix/feature/change requests related to old and thus unsupported Snoopy versions.

S.3 Reporting bugs

If you encounter an issue with Snoopy, proceed with the following steps:

  1. make sure you are using the latest version of Snoopy!
  2. this DOES NOT mean the last version 'apt-get install snoopy' provides,
  3. this means the latest version available at https://github.com/a2o/snoopy/
  4. consult FAQ first: doc/FAQ.md,
  5. search the internets (using Google for example),
  6. search the Snoopy issue tracker: https://github.com/a2o/snoopy/issues/,
  7. if the problem still persist, create a new issue on GitHub, but you must:
  8. make sure your issue is reproducible using the latest version of Snoopy,
  9. provide the following data:
  10. Snoopy version used and how did you install it?
  11. Linux distribution you are using?
  12. Which software is crashing because of Snoopy (whole system, one program)?
  13. Trace of your program that crashes.
  14. if possible, provide a patch (by creating a pull request on GitHub) that fixes (or at least tries to fix) the reported issue.

S.4 Feature requests

"I need Snoopy to do this and that!"

Heard too many times. This is Open Source software. It is created, maintained and contributed to by people who donate their time and expertise to the project. Therefore donated time is primarily spent on topics of their interest, so naturally Snoopy is subjected to FOSS toilet paradox: designing a futuristic toilet is fun, but fixing it when it gets clogged is something no one is willing to do for free. You can read the extensive explanation of this analogy here: http://blog.enfranchisedmind.com/2009/07/fyi-my-open-source-users/

If you need a specific feature that is currently not implemented, you have three options:

  1. Implement it yourself. Once done, you can:
  2. contribute it back to Snoopy by creating a pull request - you are welcome to do so;
  3. keep your code private, no one is stopping you (but make sure you comply with license restrictions).
  4. Ask someone (who has required expertise) to do it. Payment may be expected.
  5. Commercial support.

However, if you think you have came up with a very nice feature, but you do not know how to implement it, yet you think other people might find use for it, do not hesitate and open an Issue on GitHub: https://github.com/a2o/snoopy/issues That way the idea will be kept around and maybe someone will pick it up and implement it.

S.5 Free support

Use GitHub Issues: https://github.com/a2o/snoopy/issues Do not send email to maintainers for free support.

S.6 Commercial support

Commercial support for Snoopy is available. Contact current maintainer via email for details.

Contributing to Snoopy development


See doc/internals/README.md for information about internal structure of Snoopy and how all pieces fit together.


Snoopy is released under GNU General Public License version 2.

Snoopy was originally released under GNU GPLv2 license, and during the course of it's life various people contributed code to it under the same license. Therefore Snoopy continues to be released under GNU GPLv2 license, as this is the only license all contributors agreed to, up to this point.

Should some entity (individual or corporation) desire to obtain Snoopy under a different license (commercial, for example), a consent from all contributors will be required.


Snoopy development is currently located at the following URI: http://github.com/a2o/snoopy/

Additional git mirrors (read-only) are available here: https://gitlab.com/a2o/snoopy/ https://bitbucket.org/bostjan/snoopy/ https://git.teon.si/a2o/snoopy/

Snoopy Logger was originally created and maintained by: Marius Aamodt Eriksen marius@umich.edu Mike Baker mbm@linux.com

List of contributors is available at the following locations:

  • in the Snoopy's ChangeLog file;
  • in the list of pull requests on GitHub.

Snoopy is currently maintained by: Bostjan Skufca bostjan@a2o.si