BSD Guides :: Doing Stuff With FreeBSD, NetBSD, OpenBSD, & Mac OS X

Now serving 104 guides.  RSS Feeds

KeptPrivate - Secure Private E-Mail Provider

Guide Search:

Home | Guides | Requests | Stats
Username: Password: | Forgot Password

Contribute | Register Now

Print View

Watch Terminal Activity
Updated: 07/15/2005


General Information

Have you ever had a user login to your box and then ask you for help?  Or have you ever been curious as to what your users are doing on your system?  The watch(8) utility will let you snoop another tty, allowing you to see what your other users are doing and even interact with them.  It's a must-have utility for every network administrator.

Requirements

  1. Local root access on the box or be able to su to root.
  2. A SSH client that supports ANSI colors such as puTTy or SecureCRT (if you aren't on the box).
  3. Your favorite text editor (I prefer nano)

Installation

For the 5.x branch, there is no installation needed.  Everything required for watch is already installed.

For the 4.x branch, we have to compile a kernel with snp support.  So, add the following to your kernel configuration:
# nano -w /usr/src/sys/i386/conf/MYKERNEL

***output omitted***
pseudo-device   snp     4
***output omitted***
This compiles the snp snooping utility and you can change the 4 to however many terminals you plan on watching at any given time.  Now, compile and install your kernel.

Usage

You need to know which tty you wish to watch, so if you don't know it you can find out.
# who
jon              ttyp0    Oct 19 12:10 (192.168.0.20)
steve            ttyp1    Oct 19 12:15 (192.168.0.23)
Let's say we want to see what steve is up to.  The syntax is:

Note:  You must aquire root priveleges first as watch(8) can only be used as root.

# watch [options] tty
We can simply issue the following to see what he is doing:
# watch ttyp1
Now, if steve is requesting help, you can interactively watch his terminal with:
# watch -W ttyp1
Whatever he types, you see and whatever you type, he sees.  It's a beautiful thing.  Now the next thing to know is what you can do once you are in watch.
<control-G>
     Exit watch.
<control-W>
     Clear screen.
<control-X>
     Change attached tty, unless this feature is disabled, in which case
     control-X is passed to the terminal as with other control characters.
That's all there is to watching your other user's activity.

Author: Jon LaBass
jon at bsdguides dot org

Find this guide useful?
Support the author:

2 Comments

Posted by X-Istence on March 01, 2005 at 4:56:01 pm EET

If you don't want to recompile the kernel on FreeBSD 4.x you can also use screen to get the same effect.

man screen for more info.

Posted by X-Istence on March 01, 2005 at 4:56:01 pm EET

For 5.x you do need to configure some stuff.

First off, you can't use watch if your securelevel is set higher than 1. As you can't load kernel modules, so loading snp will fail, and watch will fail.

So in case you do want to use it with securelevel set at a high level, make sure to add snp do your kernel configuration file.

Login to comment.

Copyright 2003 - 2008 BSD Guides.  All rights reserved.

About | Terms of Use | Privacy | Contact