Need help with pop-up using emerg and grep

I have to generate an alert pop-up notification which appears on the bottom-right of the screen when the sudo command is typed and is also logged in /var/log/warn. I assume I have to configure rsyslog.conf to something like

if ($msg == ‘sudo’)
then *emerg logger -p user.emerg …

I cannot get that to work though.

Also having trouble using grep to filter files that were sent by a specific host and within a time range in /var/log/messages. For instance, filter files that were sent by kernel in the afternoon today or yesterday. I only got up to: sudo grep --color 'kernel'. I cannot figure out how to use an AND operation in grep, as when I tried sudo grep --color 'kernel |^Oct' /var/log/messages, it will just highlight either having Oct at the beginning or kernel.

Regards,

It is an advantage most of the time when you tell your potential helpers which version of openSUSE you use. Also, I see you mention "bottom right of the screen". I assume that is in a user's logged-in desktop. Must that be all kinds of desktops? Or do you have a specific one in mind?

Also I am not quite sure that the description of what should happen when is precise enough (but that may be just me). Do I understand that in the case that one of the users logged in to the system using the real console (CLI) or a terminal emulator (from the GUI) starts the /usr/bin/sudo program (only the typing of the string "sudo" as you say it above, does not trigger very much IMHO), a pop-up must appear on the screen of all (or maybe only one, but which one) users logged in to the GUI on the system?

Depending on what you’re doing, you might be able to accomplish the “and” logic by piping grep twice… In the following example the results would be only entries with string1 “and” string2
eg

tail -n 100 /var/log/messages | grep string1 | grep string2

TSU

Starting ^ with Oct, with any amount of characters .* in between, with the kernel on the same line :wink:

grep '^Oct.*kernel' /var/log/messages

Without more info, like Henk said, it will be hard to tell. Like if the sudo command is typed? I assume in the shell, but which shell? Also I assume you are using some key logger apps/tool of some sort.
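
The AND filter asked about in this thread (kernel lines, restricted to given dates and an afternoon time window), as an added example that is not part of any poster's reply: it compares the syslog program field instead of matching the word anywhere in the line. The function name `syslog_window`, the sample lines and the traditional `Mon DD HH:MM:SS host tag:` line format are assumptions.

```shell
#!/bin/sh
# syslog_window FILE TAG FROM_HOUR TO_HOUR DATE [DATE...]
# Print traditional-format syslog lines ("Oct 18 13:05:00 host tag[pid]: msg")
# whose program tag equals TAG AND whose date is one of DATE ("Oct 18")
# AND whose hour h satisfies FROM_HOUR <= h < TO_HOUR. FILE "-" reads stdin.
syslog_window() {
    file=$1; tag=$2; from=$3; to=$4
    shift 4
    dates=$(IFS=,; printf '%s' "$*")   # remaining arguments joined with commas
    awk -v tag="$tag" -v from="$from" -v to="$to" -v dates="$dates" '
        BEGIN {
            n = split(dates, d, ",")
            for (i = 1; i <= n; i++) {
                split(d[i], p, " ")            # "Oct  8" -> "Oct", "8"
                want[p[1] " " (p[2] + 0)] = 1
            }
        }
        {
            prog = $5                          # "kernel:" or "CRON[2211]:"
            sub(/(\[[0-9]+\])?:$/, "", prog)   # strip optional [pid] and colon
            hour = substr($3, 1, 2) + 0
            if (prog == tag && (($1 " " ($2 + 0)) in want) &&
                hour >= from + 0 && hour < to + 0)
                print
        }' "$file"
}

# Constructed sample lines, not taken from a real system.
sample_log() {
    cat <<'EOF'
Oct  8 14:00:00 host1 kernel: [  300.1] constructed: older afternoon entry
Oct 17 09:12:01 host1 kernel: [   10.1] constructed: yesterday morning
Oct 17 14:30:45 host1 kernel: [  200.5] constructed: yesterday afternoon
Oct 17 15:02:10 host1 sudo:    alice : TTY=pts/0 ; USER=root ; COMMAND=/bin/ls
Oct 18 13:05:00 host1 kernel: [  999.0] constructed: today afternoon
Oct 18 14:10:00 host1 dhclient[812]: constructed: mentions kernel route
Oct 18 19:40:00 host1 kernel: [ 1500.2] constructed: today evening
EOF
}

# Afternoon (12:00-17:59) kernel lines for two constructed dates.
sample_log | syslog_window - kernel 12 18 'Oct 18' 'Oct 17'
```

On a system with GNU date, the DATE arguments for today and yesterday can be produced with `LC_ALL=C date '+%b %e'` and `LC_ALL=C date -d yesterday '+%b %e'`.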

Thanks for all replies. It is LinuxZ14.

???

What do you mean with that? We asked for the version of openSUSE you use. The above does not answer that. When you do not know, post the output of

cat /etc/os-release

And please do so between CODE tags, which you get by clicking on the # button in the tool bar of the post editor.

Also people asked for a more precise definition of what you want to achieve. The above does not contain anything to clarify your goal.

It is nice when you say “Thanks for all replies.”, but when you do not take the trouble to answer questions, the trouble others take to try to help you will be in vain and people will stop talking to you.

On 2014-10-18 17:36, hcvv wrote:

> Also people asked for a more precise definition of what you want to
> achieve. The above does not contain anything to clarify your goal.
>
> It is nice when you say “Thanks for all replies.”, but when you do not
> take the trouble to answer questions, the trouble others take to try to
> help you will be in vain and people will stop talking to you.

Also, there are two very different questions here. One is about rsyslog,
another about grep. I hesitate over which one to reply to.

On 13.1, sudo already logs. If you manage to create the emergency
message, you will be pestered by cronjobs triggering it.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)