strace -p $(pgrep -n -u user sshd) 2>&1 | perl -ne '$_ =~ /^write\(\d+, "([^"]+)"\.\.\., 1\)/ && print time()." ".$1."\n";'
Speaks for itself really. Doesn't catch 'up' and 'down' keys, but does things like new line. CBA to investigate - it served its purpose.
That didn't work for me, but this does:
ReplyDeletestrace -p $(pgrep -n sshd) 2>&1 | perl -ne '$_ =~ /^write\(\d+, "([^"]+)", 1\)/ && print time()." ".$1."\n";'
Nice addition to the toolbox, cheers :)
From what I can see, the difference is you're not using the -u user option. That is simply there because SSHD spawns a new process for each user, and -u user allows you to then key log for that user.
ReplyDelete