I want to maintain logfile for all fired command on server. We have more than 3 admins and I want to monitor all commands which are fired by these. Is it possible ?
Asked
Active
Viewed 914 times
1 Answers
0
Step 1:
vi /etc/bashrc and append the following line at the end:
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
Step 2:
Set the syslogger to trap local6 to a log file by adding this line in the /etc/rsyslog.conf file:
local6.* /var/log/cmdlog.log
The history of all the users will be in one log.
Sharma
- 28
- 3
-
done but no log found in cmdlog.log – user23750 Oct 22 '13 at 12:59
-
did you restart rsyslog service? – Sharma Oct 22 '13 at 14:26
-
yes restarted rsyslog – user23750 Oct 22 '13 at 14:42
-
oh, forgot to mention that you need to logout and login for it to work if you haven't done that. Can you see the file cmdlog.log on /var/log folder? – Sharma Oct 22 '13 at 14:43
-
not created yet ... – user23750 Oct 22 '13 at 14:44
-
can you post /etc/bashrc and /etc/rsyslog.conf – Sharma Oct 22 '13 at 14:46
-
tailf /var/log/cmdlog.log [130] --- Please tell me one more thing what is 130 here ? – user23750 Oct 22 '13 at 14:53
-
Those are return (exit) codes. Check out: http://www.tldp.org/LDP/abs/html/exitcodes.html – Sharma Oct 22 '13 at 17:41