Session recording

[Paul Lussier]

Bill McGonigle <bill at bfccomputing.com> writes:

> I see you've already found lastcomm and friends, but it would be great 
> to know what you come up with for a correlation mechanism.

Can't you log everything possible via syslog, then write wrappers
around lastcomm, sa, sar, et al to dump that data to file, and point
splunk at the whole mess and let it do the time-event correlation for
you?


-- 
Seeya,
Paul