Log every executed command to syslog (a.k.a. Snoopy Logger).
C M4 Shell Makefile C++
Latest commit 2b551bb Jul 28, 2016 @bostjan bostjan Merge remote-tracking branch 'github-gitter-badger/gitter-badge'
Also fix the readme order issue - move badge to the cluster of other badges.
Failed to load latest commit information.
.github Let's use Github's new issue and pull request template features - add… Feb 21, 2016
build Update travis configure flags generation script to test syslog option… Mar 5, 2016
contrib Update changelog Nov 2, 2015
doc Disable install make check step: problems on systems where Snoopy is … Mar 5, 2016
etc config, doc/faq: add entry about nont-root users and file output prov… Jan 12, 2016
lib Merge branch 'enhancement/thread-safety' Jun 17, 2015
src Refactoring: move libsnoopy.c contents to more appropriate dir/file n… Jan 27, 2016
tests Refactoring: move libsnoopy.c contents to more appropriate dir/file n… Jan 27, 2016
util Fix valgrind false positive with std(in|out|err) reported as not closed. Aug 28, 2015
.gitignore Update .gitignore: reduce number of explicit ignores Jun 12, 2015
.gitmodules Refactoring: migrate iniparser to version 4.0. Also switch it to prop… Jun 1, 2015
.travis.yml converity build: replace standard build with --enable-everything Mar 5, 2016
COPYING License file: update with fresh/original copy directly from gnu.org. May 20, 2015
ChangeLog Release 2.4.5 Mar 5, 2016
Makefile.am Enhancement: make valgring use -v flag, to not suppress certain warni… Feb 21, 2016
README.md Merge remote-tracking branch 'github-gitter-badger/gitter-badge' Jul 28, 2016
bootstrap.sh When bootstraping to build from git on older OS, automatically adjust… Dec 31, 2015
config.h.in configure.ac: add function requirement localtime_r Mar 5, 2016
configure.ac configure.ac: add function requirement localtime_r Mar 5, 2016
configure.scan configure.ac: add function requirement localtime_r Mar 5, 2016


Snoopy Logger

Snoopy is a tiny library that logs all executed commands (+ arguments) on your system. Flattr Snoopy Logger project

Master: Build Status - Master Coverity Scan

Stable: Build Status - Stable

Chat: Join the chat at https://gitter.im/a2o/snoopy

INFO: Snoopy is not a reliable auditing solution. Rogue users can easily manipulate environment to avoid logging by Snoopy. See this FAQ entry.

Table of contents


2016-03-05: Snoopy 2.4.5 released! Maintenance release.

2015-08-28: Snoopy 2.4.4 released! Mainly maintenance release, with new filter: only_tty, which should cut down noise from non-tty processes considerably.

2015-06-18: Snoopy 2.4.0 released! Many changes, see the ChangeLog. Experimental thread safety added. All users are encouraged to upgrade to Snoopy version 2.4.0+ immediately.

2015-05-12: Snoopy 2.3.0 released! This Snoopy version contains many improvements, bugfixes, new features and quite improved build process. All users are encouraged to upgrade to Snoopy version 2.3.0+ as soon as possible.


The easiest way to start using Snoopy is to execute one of the following commands (as root).

To install the latest STABLE version of Snoopy, use this command:

rm -f snoopy-install.sh &&
wget -O snoopy-install.sh https://github.com/a2o/snoopy/raw/install/doc/install/bin/snoopy-install.sh &&
chmod 755 snoopy-install.sh &&
./snoopy-install.sh stable

To install the latest DEVELOPMENT version of Snoopy, use this:

rm -f snoopy-install.sh &&
wget -O snoopy-install.sh https://github.com/a2o/snoopy/raw/install/doc/install/bin/snoopy-install.sh &&
chmod 755 snoopy-install.sh &&
./snoopy-install.sh git-master

That is it. Detailed installation instructions are available here: doc/INSTALL.md

I.1 Version information and download links

Version Download URI
Latest stable release http://source.a2o.si/download/snoopy/snoopy-2.4.5.tar.gz
Latest development release (N/A, clone this git repo, use master branch)
All releases http://source.a2o.si/download/snoopy/


This is what typical Snoopy output looks like:

2015-02-11T19:05:10+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/cat]: cat /etc/fstab.BAK
2015-02-11T19:05:15+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/rm]: rm -f /etc/fstab.BAK
2015-02-11T19:05:19+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/tail]: tail -f /var/log/messages

These are default output locations on various Linux distributions:

  • CentOS: /var/log/secure
  • Debian: /var/log/auth.log
  • Ubuntu: /var/log/auth.log
  • others: /var/log/messages (potentially, not necessarily)

For actual output destination check your syslog configuration.


Most parts of Snoopy are/can be/should be configured at build time.

However, since version 2.0.0 Snoopy supports optional configuration file. Snoopy's automated installation procedure enables configuration file support by default. Configuration file path is /etc/snoopy.ini.

For additional information consult comments in default configuration file etc/snoopy.ini and read appropriate sections of doc/INSTALL.md.


S.1 Keep all communication public

Due to the fact that you need support, there is a good chance someone else will stumble upon the same issue soon too. For this reason it is crucial that all communication is kept public. Search engines can then pick this content up, index it, and hopefully present it to the next soul with the same problem.

GitHub is currently the meeting point for all Snoopy-related content. Therefore you should use GitHub issues for any kind of communication about Snoopy, with the sole exception of commercial support - that should be the only reason for contacting maintainer directly via email.

S.2 Supported Snoopy versions

Only latest released version of Snoopy is "supported"! Any version that is not the latest (stable or development) is not supported. Please do not submit any bugfix/feature/change requests related to old and thus unsupported Snoopy versions.

S.3 Reporting bugs

If you encounter an issue with Snoopy, proceed with the following steps:

  1. make sure you are using the latest version of Snoopy!
    1. this DOES NOT mean the last version 'apt-get install snoopy' provides,
    2. this means the latest version available at https://github.com/a2o/snoopy/
  2. consult FAQ first: doc/FAQ.md,
  3. search the internets (using Google for example),
  4. search the Snoopy issue tracker: https://github.com/a2o/snoopy/issues/,
  5. if the problem still persist, create a new issue on GitHub, but you must:
    1. make sure your issue is reproducible using the latest version of Snoopy,
    2. provide the following data:
      1. Snoopy version used and how did you install it?
      2. Linux distribution you are using?
      3. Which software is crashing because of Snoopy (whole system, one program)?
      4. Trace of your program that crashes.
    3. if possible, provide a patch (by creating a pull request on GitHub) that fixes (or at least tries to fix) the reported issue.

S.4 Feature requests

"I need Snoopy to do this and that!"

Heard too many times. This is Open Source software. It is created, maintained and contributed to by people who donate their time and expertise to the project. Therefore donated time is primarily spent on topics of their interest, so naturally Snoopy is subjected to FOSS toilet paradox: designing a futuristic toilet is fun, but fixing it when it gets clogged is something no one is willing to do for free. You can read the extensive explanation of this analogy here: http://blog.enfranchisedmind.com/2009/07/fyi-my-open-source-users/

If you need a specific feature that is currently not implemented, you have three options:

  1. Implement it yourself. Once done, you can:
    1. contribute it back to Snoopy by creating a pull request - you are welcome to do so;
    2. keep your code private, no one is stopping you (but make sure you comply with license restrictions).
  2. Ask someone (who has required expertise) to do it. Payment may be expected.
  3. Commercial support.

However, if you think you have came up with a very nice feature, but you do not know how to implement it, yet you think other people might find use for it, do not hesitate and open an Issue on GitHub: https://github.com/a2o/snoopy/issues That way the idea will be kept around and maybe someone will pick it up and implement it.

S.5 Free support

Use GitHub Issues: https://github.com/a2o/snoopy/issues Do not send email to maintainers for free support.

S.6 Commercial support

Commercial support for Snoopy is available. Contact current maintainer via email for details.

Contributing to Snoopy development


See doc/internals/README.md for information about internal structure of Snoopy and how all pieces fit together.


Snoopy is released under GNU General Public License version 2.

Snoopy was originally released under GNU GPLv2 license, and during the course of it's life various people contributed code to it under the same license. Therefore Snoopy continues to be released under GNU GPLv2 license, as this is the only license all contributors agreed to, up to this point.

Should some entity (individual or corporation) desire to obtain Snoopy under a different license (commercial, for example), a consent from all contributors will be required.


Snoopy development is currently located at the following URI: http://github.com/a2o/snoopy/

Additional git mirrors (read-only) are available here: https://gitlab.com/a2o/snoopy/ https://bitbucket.org/bostjan/snoopy/ https://git.teon.si/a2o/snoopy/

Snoopy Logger was originally created and maintained by: Marius Aamodt Eriksen marius@umich.edu Mike Baker mbm@linux.com

List of contributors is available at the following locations:

  • in the Snoopy's ChangeLog file;
  • in the list of pull requests on GitHub.

Snoopy is currently maintained by: Bostjan Skufca bostjan@a2o.si