[comp.lang.pascal] Logging activity on PC via TSR

JBERTELO%RKC.UFSIA.AC.BE@cunyvm.cuny.edu ( Johan Berteloot) (04/11/91)

Hello,

I have a very specific job to do and I don't know where to start. I have to
write a program that logs every activity into a file, i.e. I want a copy of the
command line every time a new command is given, together with the actual date
and time, and the date and time of the end of execution of the last command.
This program should be started from the CONFIG.SYS as INSTALL=LOGBOOK.EXE and
should write to a LOGBOOK.DAT file which is to be hidden.
I was thinking of writing this in Turbo Pascal 5.5. Any hints or directions are
very much appreciated.
P.S. The program should not slow down the computer significantly.
Thanks in advance,
-- Johan                                      JBERTELO@BANUFS11.BITNET
                                              JBERTELO@RKC.UFSIA.AC.BE

defaria@hpcupt3.cup.hp.com (Andy DeFaria) (04/13/91)

>/ hpcupt3:comp.lang.pascal / JBERTELO%RKC.UFSIA.AC.BE@cunyvm.cuny.edu ( Johan Berteloot) /  6:55 am  Apr 11, 1991 /
>Hello,
>
>I have a very specific job to do and I don't know where to start. I have to
>write a program that logs every activity into a file, i.e. I want a copy of the
>command line every time a new command is given, together with the actual date
>and time, and the date and time of the end of execution of the last command.
>This program should be started from the CONFIG.SYS as INSTALL=LOGBOOK.EXE and
>should write to a LOGBOOK.DAT file which is to be hidden.
>I was thinking of writing this in Turbo Pascal 5.5. Any hints or directions are
>very much appreciated.
>P.S. The program should not slow down the computer significantly.
>Thanks in advance,

Well you have a couple of things to consider but first off: What exactly do
you mean by every activity?  You seem to indicate that you want every
command recorded.  Are these just DOS commands typed into COMMAND.COM?  If
so write a simple replacement for COMMAND.COM (not really trivial but not
too hard.  Remember to follow the PATH variable).

But what if the user invokes an action *without* COMMAND.COM (i.e. Maybe
he'll remove a file using Windows 3.0 and the FileManager).  Well a
replacement COMMAND.COM won't catch that nor will a TSR.  And even without
something as sophisticated as Windows 3.0 present, many programs allow
things like file manipulation or execution of a DOS command from inside the
program itself.  You ain't gonna catch these either.  And if the program
allows a shell out to DOS it ain't gonna let you run your replacement for
COMMAND.COM easily.

I'm continually amazed by people who assume that their system is safe from
people using DOS commands by putting up a stupid front end menu system when
a simple "go to Lotus 1-2-3 and do /S" will get them back to DOS.

davidr@hplsla.HP.COM (David M. Reed) (05/03/91)

I have a Public Domain program from PC Magazine that performs this logging.
I use it to keep track of activities on a shared system.  Its one flaw is
that it does not catch the COMMAND.COM _internal_ commands (e.g. COPY, DEL,
MKDIR, RMDIR, etc.).  As I particularly wanted to know when someone was
deleting a file I determined to make the internal commands less easily
accessible.  The preferred way is to use a binary editor and locate each
internal command and rename it, and then provide comparable external commands
(such as is available with the MKS Toolkit).  However I chose to simply use
a feature of the Public Domain program NDOSEDIT, a 3K TSR command recall/edit
program (using the arrow keys), which can have aliases defined.  These
aliases map the internal commands to the external versions I have, which
subsequently get logged to a file.  While it is not perfect, it is simple
and reliable enough for my purposes.

jnelson@plains.NoDak.edu (Jim Nelson) (05/17/91)

In article <6490012@hplsla.HP.COM> davidr@hplsla.HP.COM (David M. Reed) writes:
>I have a Public Domain program from PC Magazine that performs this logging.  
>I use it to keep track of activities on a shared system.  Its one flaw is
>that it does not catch the COMMAND.COM _internal_ commands (e.g. COPY, DEL,
>MKDIR, RMDIR, etc.). 


Well, this could be construed as extreme, but try 4DOS.  It's a command.com
replacement that has the ability to log EVERYTHING, including resident
commands, has a history list for recalling commands, and a whole bunch of
other neat functions.

It's Shareware, but it's good shareware.  Strike that.  Great Shareware.

-- 
.sig?  What .sig?  Ohhhh, *THIS* .sig.

	Jim, in the Land of the Lost. 
disclaimer:  These are just opinions.  If you want 'em, you can have 'em.