5 Jun 2009

log user activities

The problem in this article is: what does a server know, and what can a client do?

Last week I was faced with a question that is hard to answer: how can we monitor a user's activities using log files stored on her/his computer (who authenticated with the WinSSHD server, and what was transferred in and out of that server through the SFTP feature using Tunnelier)?

The first thing I *should* do is explain to whoever asks this question the difference between a server and a client in this issue:

  • WinSSHD is a server, and its duty is to open its port with some security policy (if the system admin cares) and wait for clients to connect.
  • Tunnelier is such a client, and it requires a server to connect to.

Tunnelier runs on the user's computer with his privileges, so he can delete or hide the auto-saved Tunnelier logs at any time, whenever he wants. What makes him stop doing this? No such thing or application can do that stupid job? And if you think, or you've found, that another super client-side application can prevent the user from deleting the auto-log, what stops users from using another SFTP client?

I never think a system administrator must collect log files from every computer in his office and use them to determine what users did, what caused the problem he faced, what made the server break down, or something like that. All he could or *should* do is log at the server side, where the application is designed to do its job and produce its log. If an administrator is good enough, he will never need to log in to every client computer to know who or what caused an error.

Someone told me that there are many ways to administer a network system, and I know exactly that I will never know as much as I need; no one knows enough. But in some situations, why do we try to make it so serious? Just keep it simple and wait for what comes next.
