Thursday, 18 September 2014

How to log bash (all users or specific user) history to syslog


There are two methods to get this thing done.

1. Trap method - drop the following snippet into either the per-user or system-wide bash profile (~/.bash_profile or /etc/profile, respectively)
unset HISTSIZE HISTFILESIZE export HISTTIMEFORMAT='%F %T' function log2syslog
{
   declare COMMAND
   COMMAND=$(fc -ln -0)
   logger -p local1.notice -t bash -i -- "${USER}:${COMMAND}"
}
trap log2syslog DEBUG


2. Prompt Method - this method logs by hacking the prompt command to call history and write to syslog.
PROMPT_COMMAND='history -a >(tee -a ~/.bash_history | logger -t "$USER[$$] $SSH_CONNECTION")'

No comments:

Post a Comment