Time stamped bash history logging

March 28, 2016 The Geek Decoder No Comments Administration

Timestamped bash history logging may be a great idea for logging changes. An example would look like this:

 
Mar 28 15:08:26 database root: root@192.168.1.1 [10882]: shutdown -r now [0]
Mar 28 15:08:31 database root: root@192.168.1.1 [10882]: cd /var/log [0]

This can be done by adding 2 lines to the root .bashrc file or as a custom file in /etc/profile.d/ folder:

 
whoami="$(whoami)@$(echo $SSH_CONNECTION | awk '{print $1}')"
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$whoami [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'

then a single line added to /etc/rsyslog.conf:

 
local6.*                /var/log/bash.log

After this all commands will be logged to the /var/log/bash.log file.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.