• What is Snoopy?
• News
• Latest version
• Installation
• Output
• Configuration
• FAQ - Frequently asked questions
• Security disclaimer
• Contributing to Snoopy development
• Getting support
• License
• Online resources
• Credits

Snoopy is a small library that logs all program executions on your Linux/BSD system.

Developer documentation outlines how it actually does that (a fairly technical read). And don't miss the security disclaimer about it.

Consult ChangeLog for more information.

Latest release	Version	Status	Download location
Stable	2.5.1		All release packages can be found over there 👉 in the Releases section.
Development	master	SonarCloud:	git clone [email protected]:a2o/snoopy

Starting with version 2.5.0, repositories with binary packages are provided for major Linux distributions. Here is a guide to installing Snoopy from package repositories.

WARNING: If you've installed Snoopy from source (i.e. using the install-snoopy.sh script method below) before, it's best to remove it before installing it from a package repository. This guide contains steps to remove "manually" installed Snoopy from your system.

Alternatively, the original method of installing Snoopy from source is still available:

wget -O install-snoopy.sh https://github.com/a2o/snoopy/raw/install/install/install-snoopy.sh &&
chmod 755 install-snoopy.sh &&
sudo ./install-snoopy.sh stable

More information is available in the doc/INSTALL.md document.

This is what typical Snoopy output looks like:

2015-02-11T19:05:10+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/cat]: cat /etc/fstab.BAK
2015-02-11T19:05:15+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/rm]: rm -f /etc/fstab.BAK
2015-02-11T19:05:19+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/tail]: tail -f /var/log/messages

These are default output locations on various Linux distributions:

For actual output format and destination, check your Snoopy and syslog configuration.

If the configuration file support is available in your Snoopy build (it probably is), Snoopy can be reconfigured on-the-fly.

The configuration file is (most likely, but depending on the build) located at /etc/snoopy.ini.

Supported configuration directives are explained in the default configuration file.

Frequently asked questions and answers are collected in the doc/FAQ.md file in this repository.

WARNING: Snoopy is not a reliable auditing solution.

Rogue users can easily manipulate environment to avoid their actions being logged by Snoopy. Consult this FAQ entry for more information.

Consult the following documents for information related to Snoopy development:

• CONTRIBUTING.md
• HACKING-OVERVIEW.md
• HACKING-INTERNALS.md
• HACKING-QA.md (Autoscan, Travis-CI and Valgrind-related sections)

Information is available in a dedicated document about getting support.

Snoopy is released under GNU General Public License version 2.

Snoopy development is located at the following URI:

• https://github.com/a2o/snoopy/

Additional git repository mirrors (read-only) are available here:

• https://gitlab.com/a2o/snoopy/
• https://bitbucket.org/snoopylogger/snoopy/

Snoopy Command Logger was originally created and maintained by:

• Marius Aamodt Eriksen [email protected]
• Mike Baker [email protected]

Contribution acknowledgements are available at the following locations:

• In the ChangeLog,
• In pull requests,
• In git history.

Snoopy is currently maintained by Bostjan Skufca Jese.