Honeypots mailing list archives

Termlog - System terminal I/O and key logging program - Updated


From: "Michael Legary" <mlegary () seccuris com>
Date: Thu, 12 Dec 2002 18:59:11 -0600

Termlog - System terminal I/O and key logging program
 
Author: C.S. Peron
OS: FreeBSD
 
Updates

- Added MD5 Checksum / Syslog Support
        Now MD5 Checksums of sessions are created and can be configured
to log to a remote system, enhancing non-repudiation of the
session files.
 

Download

http://www.seccuris.com/documents/downloads/termlog-1.0.2.tar.gz
 
 

Overview
 
Termlog is capable of performing real time synchronous monitoring and
logging of multiple system ttys. It is designed to allow system
administrators to monitor I/O between themselves and connected clients
regardless of protocol medium used. Termlog allows you to snoop
terminals based on their controlling tty, process ID or user ID. It
allows you to timestamp the return keystroke so administrators can see
the time breaks between entering commands if desired. Termlog will also
log each session to an individual file by default.
 
Termlog uses kernel event notification mechanisms on system files in
conjunction with accessing the kernel's virtual memory system so it can
effectively verify system terminal activity. Because of this, Termlog
cannot be easily tricked by things like the screen(1) C-a-L key binding
(toggle a window's login slot). Termlog is dependent on the existence of
the snp(8) device. This device must be either compiled into the kernel
or loaded as a module. If the device is not present in the kernel,
Termlog will attempt to load the module itself. Unless otherwise
specified, Termlog will attempt to open all active ttys; if there are
not enough snp nodes in /dev, Termlog will attempt to create enough.
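
The MD5/syslog update above implies a verification step on the log host: compare each session file against the checksum that was forwarded remotely. The following is an added example, not part of the original post or of Termlog; the syslog record format, file names and function names are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# ASSUMED record format (constructed for this example, not Termlog's real output):
#   <syslog header> termlog: session=<file name> md5=<32 hex digits>
RECORD = re.compile(r"termlog: session=(?P<name>[^\s/]+) md5=(?P<md5>[0-9a-fA-F]{32})\b")

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # stream large sessions
            h.update(chunk)
    return h.hexdigest()

def verify_sessions(remote_log_lines, session_dir):
    """Return {session name: status}, treating the remote log as the reference."""
    recorded = {}
    for line in remote_log_lines:
        m = RECORD.search(line)
        if m:
            recorded[m["name"]] = m["md5"].lower()  # assumption: last record wins
    report = {}
    for name, digest in recorded.items():
        path = Path(session_dir) / name
        if not path.is_file():
            report[name] = "MISSING"  # checksum was logged, file is gone
        else:
            report[name] = "OK" if md5_of(path) == digest else "MODIFIED"
    for path in Path(session_dir).iterdir():
        if path.is_file() and path.name not in recorded:
            report[path.name] = "UNRECORDED"  # file with no remote checksum
    return report

def demo():
    """Constructed session files and constructed log lines, checked end to end."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        for name, data in (("ttyp0.log", b"ls -la\n"), ("ttyp1.log", b"whoami\n"), ("ttyp3.log", b"w\n")):
            (d / name).write_bytes(data)
        good = hashlib.md5(b"ls -la\n").hexdigest()
        stale = hashlib.md5(b"id\n").hexdigest()  # does not match ttyp1.log on disk
        log = ["Dec 12 18:59:11 loghost termlog: session=%s md5=%s" % r for r in
               (("ttyp0.log", good), ("ttyp1.log", stale), ("ttyp2.log", good))]
        return verify_sessions(log, d)
```

The comparison is only meaningful when the log host is out of reach of anyone able to edit the session files.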
 
 

