Logging Linux Commands for all users
To log commands executed by users on Linux shell, edit file
1 |
vi /etc/bash.bashrc |
Add
1 |
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"' |
Create file
1 |
vi /etc/rsyslog.d/bash.conf |
Add
1 |
local6.* /var/log/commands.log |
Restart rsyslog
1 |
systemctl restart rsyslog |
Now log off and login, you will be able to see all commends executed by users on bash shell in file /var/log/commands.log
Log rotating
edit
1 |
vi /etc/logrotate.d/rsyslog |
Find
1 |
/var/log/kern.log |
Add below
1 |
/var/log/commands.log |