HTML Code:
archive_history() { HISTORYOLD=${HISTFILE}.archive CURTIME=`date` CURTTY=`tty` IP=$(echo $SSH_CLIENT | awk '{print $1}') if [ x$HISTDUMPPED = x ]; then echo "#-${HOSTNAME}-- ${CURBASHDATE} - ${CURTIME} ($CURTTY) ${USER} ${IP}----" >> $HISTORYOLD history $(($HISTCMD-${CURBASHSTART-0})) | sed -e 's/^[ ]*[0-9][0-9]* [ ]*//g' >> $HISTORYOLD export HISTDUMPPED=1 fi } exit () { archive_history builtin exit }
then add following line in .bash_logout in each user home's dir.
vi /home/oracle/ .bash_logout
archive_history >> .bash_logout
you can see all details by like " command date ipaddress/username"
after doing above all step once login, run some command and then logout and then login
and then check "cat .bash_history.archive"
with your script i am getting output like this :
cat /home/oracle/.bash_history.archive
#-test2.fatima-group.com-- - Thu Mar 27 17:38:23 PKT 2014 (/dev/pts/2) oracle 10.1.8.226----
2014-03-27 17:38:23 logout
#-test2.fatima-group.com-- - Thu Mar 27 17:41:11 PKT 2014 (/dev/pts/4) oracle 10.1.8.244----
2014-03-27 17:41:11 logout
#-test2.fatima-group.com-- - Thu Mar 27 17:52:02 PKT 2014 (/dev/pts/3) oracle 10.1.8.226----
2014-03-27 17:52:02 logout
There are 2 problems , i mean which i want to fulfill my requirement
Problem 1 : i am not getting command which is executed by user
problem2 : i should get all details in .bash_history.archive even if i close my terminal ( i mean i just close my ssh terminal and dont type exit or logout )
thanks in advance
---------- Post updated 03-28-14 at 12:22 PM ---------- Previous update was 03-27-14 at 06:25 PM ----------
You can add this two lines to /etc/profile or /etc/bashrc in order to log all commands executed by bash:
whoami="$(whoami)@$(echo $SSH_CONNECTION | awk '{print $1}')" export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local3.debug "$whoami [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
This will use syslog to record every executed command along with the user who did and it's IP address in a format like this:
Jan 8 08:43:49 xpto local3.debug root: root@192.168.x.y [29385]: ls -al [
0] Additionally you can add the line below to your syslog configuration ( /etc/syslog.conf ) to redirect the local3 messages to a specific file.
local3.* /var/log/prompt.log
i have also followed the code i just typed but it is not showing any output.
can any one help me with this ?