Create a CLI command syslog service
echo "local6.* /var/log/commands.log" >> /etc/rsyslog.d/bash.conf systemctl restart rsyslog.service
Set global .bashrc shells to log
vi /etc/bash.bashrc
# log all bash shell sessions globally export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
To test new configuration:
- Either log out and log back into your shell.
- Or source bashrc with the command
source ~/.bashrc
- Or start a new shell with the command
bash
Type a few commands… then
tail /var/log/commands.log
Leave a Reply