{"id":3069,"date":"2016-03-28T20:45:29","date_gmt":"2016-03-28T20:45:29","guid":{"rendered":"https:\/\/qbytes.cloud\/?p=3069"},"modified":"2016-03-28T20:45:29","modified_gmt":"2016-03-28T20:45:29","slug":"time-stamped-bash-history-logging","status":"publish","type":"post","link":"https:\/\/www.qbytes.cloud\/index.php\/2016\/03\/28\/time-stamped-bash-history-logging\/","title":{"rendered":"Time stamped bash history logging"},"content":{"rendered":"<p>Timestamped bash history logging may be a great idea for logging changes. An example would look like this:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n \nMar 28 15:08:26 database root: root@192.168.1.1 &#x5B;10882]: shutdown -r now &#x5B;0]\nMar 28 15:08:31 database root: root@192.168.1.1 &#x5B;10882]: cd \/var\/log &#x5B;0]\n<\/pre>\n<p>This can be done by adding 2 lines to the root .bashrc file or as a custom file in \/etc\/profile.d\/ folder:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n \nwhoami=&quot;$(whoami)@$(echo $SSH_CONNECTION | awk &#039;{print $1}&#039;)&quot;\nexport PROMPT_COMMAND=&#039;RETRN_VAL=$?;logger -p local6.debug &quot;$whoami &#x5B;$$]: $(history 1 | sed &quot;s\/^&#x5B; ]*&#x5B;0-9]\\+&#x5B; ]*\/\/&quot; ) &#x5B;$RETRN_VAL]&quot;&#039;\n\n<\/pre>\n<p>then a single line added to \/etc\/rsyslog.conf:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n \nlocal6.*                \/var\/log\/bash.log\n\n<\/pre>\n<p>After this all commands will be logged to the \/var\/log\/bash.log file.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Timestamped bash history logging may be a great idea for logging changes. An example would look like this: Mar 28 15:08:26 database root: root@192.168.1.1 &#x5B;10882]: shutdown -r now &#x5B;0] Mar 28 15:08:31 database root: root@192.168.1.1 &#x5B;10882]: cd \/var\/log &#x5B;0] This can be done by adding 2 lines to the root .bashrc file or as a &#8230; <a title=\"Time stamped bash history logging\" class=\"read-more\" href=\"https:\/\/www.qbytes.cloud\/index.php\/2016\/03\/28\/time-stamped-bash-history-logging\/\" aria-label=\"Read more about Time stamped bash history logging\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-3069","post","type-post","status-publish","format-standard","hentry","category-administration"],"_links":{"self":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/3069","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=3069"}],"version-history":[{"count":0,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/3069\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=3069"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=3069"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=3069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}