Session Logging

Privilege Management for Unix and Linux records the start of all commands and the finish of all commands not run in local mode. The session start and finish events can also be logged by using the following:

  • System wtmp or wtmpx files (recordunixptysessions)
  • Syslog system (syslogsessions)
  • PAM system (pamsessionservice)

recordunixptysessions

  • Version 3.5 and earlier: recordunixptysessions setting not available.
  • Version 4.0 and later: recordunixptysessions setting available.

The recordunixptysessions setting controls whether command start and finish events are logged to the run host utmp or utmpx files. When set to yes, the events are logged.

This keyword does not apply to pbssh. If it is present in the settings file, it does not have any effect on pbssh and is ignored.

recordunixptysessions no
recordunixptysessions yes

Run hosts

If you are using pamsessionservice, then you might need to set recordunixptysessions to no to avoid duplicate entries in your utmp or utmpx files.

When the login shell is a Privilege Management shell and I/O logging is on, an additional pty is created, which is logged in the run host’s utmp log. Note that the ut_host field is set to the run host value, not the remote host, because this pty originated on the run host.

syslogsessions

  • Version 4.0.0 and later: syslogsessions setting available.

The syslogsessions setting controls whether command start and finish events are logged to the run host syslog system. When set to yes, the events are logged.

This keyword does not apply to pbssh. If it is present in the settings file, it does not have any effect on pbssh and is ignored.

syslogsessions yes
syslogsessions no

Run hosts

If you are using pamsessionservice, then you might need to set syslogsessions to no to avoid duplicate syslog entries.
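
The duplicate-entry caveat given above for both recordunixptysessions and syslogsessions can be checked mechanically before a settings change is rolled out. The following is an added example, not vendor code: it assumes a settings file made of "keyword value" lines with # comments in which the last occurrence of a keyword wins, and the PAM service name in the sample is a placeholder.

```python
"""Added example: flag session-logging settings that can duplicate PAM session records."""

# Settings named on this page that log session start/finish on the run host.
SESSION_SINKS = ("recordunixptysessions", "syslogsessions")

# Constructed sample, not taken from a real host; the PAM service name is a placeholder.
SAMPLE = """\
# constructed settings fragment
pamsessionservice example_pam_service
recordunixptysessions yes
"""


def parse_settings(text):
    """Parse 'keyword value' lines into a dict (assumption: last occurrence wins)."""
    settings = {}
    for raw in text.splitlines():
        # Assumption: '#' starts a comment and values may be double-quoted.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1] if len(parts) > 1 else ""
        settings[parts[0].lower()] = value.strip().strip('"')
    return settings


def duplicate_session_findings(text):
    """Return (keyword, state) pairs that need review when pamsessionservice is set."""
    settings = parse_settings(text)
    if not settings.get("pamsessionservice"):
        return []  # PAM session logging is not configured, so nothing can duplicate
    findings = []
    for key in SESSION_SINKS:
        value = settings.get(key)
        if value is None:
            findings.append((key, "unset"))  # product default applies; set it explicitly
        elif value.lower() == "yes":
            findings.append((key, "yes"))  # may duplicate the PAM session record
    return findings


if __name__ == "__main__":
    for keyword, state in duplicate_session_findings(SAMPLE):
        print(f"review {keyword}: {state} while pamsessionservice is set")
```

A keyword reported as unset is not necessarily a problem; it means the effective value depends on the product default and should be confirmed for the installed version.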