Snoopy Logger
Table of contents
- What is Snoopy?
- News
- Latest version
- Installation
- Output
- Configuration
- FAQ - Frequently asked questions
- Security disclaimer
- Contributing to Snoopy development
- Getting support
- License
- Online resources
- Credits
What is Snoopy?
Snoopy is a small library that logs all program executions on your Linux/BSD system.
Developer documentation outlines how it actually does that (a fairly technical read). And don't miss the security disclaimer about it.
News
| Date | What? | Details |
|---|---|---|
| 2021-04-20 | Snoopy 2.4.14 released. | Bugfix release (long commands can cause segmentation fault, #198). |
| 2021-04-14 | Snoopy 2.4.13 released. | Minor enhancement release (added custom datetime formatting support). |
| 2021-02-09 | Snoopy 2.4.12 released. | Maintenance release - fairly important, see #191 for details. |
| 2021-02-02 | Snoopy 2.4.11 released. | Maintenance release. |
| 2020-11-30 | Snoopy 2.4.10 released. | IMPORTANT NOTICE: This Snoopy version contains a bugfix for a condition (#119) that can make your systems unstable in specific situations. All users are encouraged to upgrade to this version of Snoopy ASAP. |
| 2020-11-13 | Snoopy 2.4.9 released. | Maintenance release. On Friday 13th - let's hope for the best! 😉 |
| 2020-10-04 | Snoopy 2.4.8 released. | Maintenance release. |
Consult ChangeLog for more information.
Latest version
| Latest release | Version | Status | Download location |
|---|---|---|---|
| Stable | 2.4.14 | /badge.svg?branch=snoopy-2.4.14&raw=true){kind=icon} /badge.svg?branch=snoopy-2.4.14&raw=true){kind=icon}    |
All release packages can be found over there 👉 in the Releases section. |
| Development | master |
/badge.svg?branch=master&raw=true){kind=icon} /badge.svg?branch=master&raw=true){kind=icon}     SonarCloud: |
git clone git:github.com:a2o/snoopy |
Installation
The simplest way to start using the latest Snoopy is to execute the following commands (as root):
wget -O install-snoopy.sh https://github.com/a2o/snoopy/raw/install/install/install-snoopy.sh &&
chmod 755 install-snoopy.sh &&
sudo ./install-snoopy.sh stableThat's all.
Other installation options (i.e. installing latest development version from this git repository) are described in the doc/INSTALL.md document.
Output
This is what typical Snoopy output looks like:
2015-02-11T19:05:10+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/cat]: cat /etc/fstab.BAK
2015-02-11T19:05:15+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/rm]: rm -f /etc/fstab.BAK
2015-02-11T19:05:19+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/tail]: tail -f /var/log/messages
These are default output locations on various Linux distributions:
| Distribution | Snoopy output location | Notes |
|---|---|---|
| CentOS | /var/log/secure |
|
| Debian | /var/log/auth.log |
|
| Ubuntu | /var/log/auth.log |
|
| (others) | /var/log/messages |
(potentially, could be elsewhere) |
For actual output format and destination, check your Snoopy and syslog configuration.
Configuration
If the configuration file support is available in your Snoopy build (it probably is), Snoopy can be reconfigured on-the-fly.
The configuration file is (most likely, but depending on the build) located at /etc/snoopy.ini.
Supported configuration directives are explained in the default configuration file.
FAQ - Frequently asked questions
Frequently asked questions and answers are collected in the doc/FAQ.md file in this repository.
Security disclaimer
WARNING: Snoopy is not a reliable auditing solution.
Rogue users can easily manipulate environment to avoid their actions being logged by Snoopy. Consult this FAQ entry for more information.
Contributing to Snoopy development
Consult the following documents for information related to Snoopy development:
- CONTRIBUTING.md
- HACKING-OVERVIEW.md
- HACKING-INTERNALS.md
- HACKING-QA.md (Autoscan, Travis-CI and Valgrind-related sections)
Getting support
Information is available in a dedicated document about getting support.
License
Snoopy is released under GNU General Public License version 2.
Online resources
Snoopy development is located at the following URI:
Additional git repository mirrors (read-only) are available here:
Credits
Snoopy Logger was originally created and maintained by:
- Marius Aamodt Eriksen marius@umich.edu
- Mike Baker mbm@linux.com
Contribution acknowledgements are available at the following locations:
- In the ChangeLog,
- In pull requests,
- In git history.
Snoopy is currently maintained by Bostjan Skufca Jese.