If you want to keep a trace all Linux user commands in a log file,
Follow below-mentioned steps:
1)** Edit /etc/rsyslog.d/bash.conf
vi /etc/rsyslog.d/bash.conf
and add the following:
local6.* /var/log/commands.log
2)** Open /root/.bashrc:
sudo -e /etc/bashrc
and add this line:
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" )"'
Run the following to load the changes:
source /etc/bashrc
3)** Edit /etc/logrotate.d/syslog:
sudo -e /etc/logrotate.d/syslog
and add the following line:
/var/log/commands.log
4)** Restart rsyslog service:
sudo service rsyslog restart
5)** With the above, the logs are saved in /var/log/commands.log in the following format:
Enjoy.... @taybkhan@
tail -f /var/log/commands.log
No comments:
Post a Comment