
Logging all bash commands to syslog

August 18, 2014 Posted by admin

I recently had the opportunity to work with an outside web development that required full access to some of our servers. One concern was how to track what they are doing.

Add the following to the end of your /etc/bashrc:

export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'

Next, modify syslog: add the local6 rule to /etc/rsyslog.d/logging.conf, then restart rsyslog.

vi /etc/rsyslog.d/logging.conf
local6.* /var/log/bash-log.log
sudo service rsyslog restart
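
Once /var/log/bash-log.log is being written, it can be reviewed per user and exit status. The following is an added example, not part of the original post: a shell/awk parser for the message layout produced by the PROMPT_COMMAND above. It assumes rsyslog's traditional file format (timestamp, host, tag) in front of the message; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse lines written by the PROMPT_COMMAND logger hook.
# Assumed line layout (rsyslog traditional file format):
#   Mon DD HH:MM:SS host tag: user [pid]: command [exit]

# Constructed sample input, not real log data.
sample_log() {
    cat <<'EOF'
Aug 18 10:15:01 web01 devuser: devuser [4242]: ls -la /var/www [0]
Aug 18 10:15:09 web01 devuser: devuser [4242]: grep "arr[0]" app.php [1]
Aug 18 10:16:30 web01 root: root [4310]: service httpd restart [0]
Aug 18 10:17:00 web01 kernel: unrelated message
EOF
}

# parse_bash_log: read log lines on stdin and print
# "user<TAB>pid<TAB>exit<TAB>command" for every line that matches the layout.
parse_bash_log() {
    awk '
    {
        # Drop the syslog header: timestamp, host, tag.
        if (!match($0, /^[A-Z][a-z][a-z] +[0-9]+ [0-9:]+ [^ ]+ [^ ]+: /)) next
        msg = substr($0, RLENGTH + 1)
        # The message must start with "user [pid]: ".
        if (!match(msg, /^[^ ]+ \[[0-9]+\]: /)) next
        head = substr(msg, 1, RLENGTH)
        rest = substr(msg, RLENGTH + 1)
        split(head, h, " ")
        user = h[1]
        pid = h[2]; gsub(/[^0-9]/, "", pid)
        # The exit status is the LAST bracketed number on the line;
        # the command itself may contain brackets (e.g. arr[0]).
        if (!match(rest, / \[[0-9]+\]$/)) next
        cmd = substr(rest, 1, RSTART - 1)
        rc = substr(rest, RSTART + 2, RLENGTH - 3)
        printf "%s\t%s\t%s\t%s\n", user, pid, rc, cmd
    }'
}

# failed_commands: keep only commands that returned a non-zero exit status.
failed_commands() {
    parse_bash_log | awk -F'\t' '$3 != 0'
}

# Usage on the real file: failed_commands < /var/log/bash-log.log
```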