Path: utzoo!attcan!uunet!van-bc!twg!bill
From: bill@twg.UUCP (Bill Irwin)
Newsgroups: comp.unix.questions
Subject: Re: Can the output to a terminal be monitored?
Summary: the "tee" process can store output to a file
Message-ID: <165@twg.UUCP>
Date: 3 Jun 90 03:46:14 GMT
References: <2784@syma.sussex.ac.uk> <270@demott.COM>
Reply-To: bill@.UUCP (Bill Irwin)
Organization: TWG The Westrheim Group, Vancouver BC
Lines: 40
Expires:
Sender:
Followup-To:
Distribution:
Keywords:

In article <270@demott.COM> kdq@demott.COM (Kevin D. Quitt) writes:
>
>    Is there a way that I (as root) can "tap into" a user to monitor
>terminal activity?  I specifcally would like to do this for the modem line.

I have had some success using the "tee" process.  In the user's .profile,
when  it  got  to the place where the local menu system was going  to  be
brought up, I modified it to read:

menu | tee > .../.monitor

This  basically  pumps  all  screen  I/O from  that  point  on  into  the
".monitor" file.  If you use append (">>"), each session will be appended
to  the  end of the file.  The tricky part is that all  escape  sequences
sent  to  the  terminal  are  captured in the file.  If  you  do  a  "cat
.monitor",  you will see a very fast version of the user's session  (fast
because  any  time the user spent thinking or looking at the screen  will
not  be  reflected in your viewing session), as though you  were  looking
over  their  shoulder.  But you need to view with the same terminal  type
that the user used, so that your terminal responds properly to the escape
sequences fed to it from .monitor.

In my experience, as soon as the user entered an application that put the
terminal  into "raw" mode, output into .monitor was suspended until  they
exited  the application and became "cooked" again.  This was frustrating.
Kind  of  like following a lady spy and watching her go into  the  ladies
room.  You have to hang around outside waiting for her to out.  How knows
what secrets she passed on while she was in there!

Also,  I found that vi sessions didn't behave properly for the user being
monitored.   You  loose  the advantage of secrecy if the user  knows  (or
suspects) they are being observed.

I would be very interested in reading some responses that would suggest a
solution to the vi and raw mode problems.
-- 
Bill Irwin - TWG The Westrheim Group - Vancouver, BC, Canada
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uunet!van-bc!twg!bill     (604) 431-9600 (voice) |     UNIX Systems
Bill.Irwin@twg.bc.ca      (604) 431-4629 (fax)   |     Integration