To log the commands users run in the bash shell on Linux, edit the file
vi /etc/bash.bashrc
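Add the following line. It runs before every prompt and sends the user name, the shell PID, the last command from history and that command's exit status to syslog facility local6: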
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
Create the file
vi /etc/rsyslog.d/bash.conf
Add this rule, which writes everything on facility local6 to /var/log/commands.log:
local6.* /var/log/commands.log
Restart rsyslog
systemctl restart rsyslog
Now log out and log back in. You will be able to see all commands executed by users in the bash shell in the file /var/log/commands.log
Log rotation
Edit the file
vi /etc/logrotate.d/rsyslog
Find the line
/var/log/kern.log
Add below it
/var/log/commands.log
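
The lines in /var/log/commands.log can be parsed back into user, shell PID, exit status and command, for example to list the failed commands per user. This is an added example, not part of the original post: the sample lines are constructed, they assume rsyslog's traditional "Mon DD HH:MM:SS host tag: message" header, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: parse the records the PROMPT_COMMAND hook sends to local6.
# Assumption: rsyslog writes the traditional "Mon DD HH:MM:SS host tag: msg" header.

# Constructed sample lines in the shape of /var/log/commands.log.
sample_log() {
  cat <<'EOF'
Jan 12 10:15:01 web01 alice: alice [4321]: ls -la /etc [0]
Jan 12 10:15:09 web01 alice: alice [4321]: cat /etc/shadow [1]
Jan 12 10:16:30 web01 root: root [5120]: systemctl restart rsyslog [0]
Jan 12 10:17:02 web01 bob: bob [6001]: grep "x [1]" notes.txt [2]
Jan 12 10:17:40 web01 alice: alice [4321]: sudo -l [1]
EOF
}

# parse_commands: read log lines on stdin, print tab-separated
# user, pid, exit status, command (command last, so it may contain anything).
parse_commands() {
  awk '
    # The leftmost " user [pid]: " is the marker written by $(whoami) [$$]:
    match($0, / [^ ]+ \[[0-9]+\]: /) {
      head = substr($0, RSTART + 1, RLENGTH - 3)   # "user [pid]"
      rest = substr($0, RSTART + RLENGTH)          # "command [status]"
      split(head, h, " ")
      pid = substr(h[2], 2, length(h[2]) - 2)      # drop the brackets
      # The trailing " [N]" is $RETRN_VAL; brackets inside the command are kept.
      if (!match(rest, / \[[0-9]+\]$/)) next
      status = substr(rest, RSTART + 2, RLENGTH - 3)
      cmd = substr(rest, 1, RSTART - 1)
      print h[1] "\t" pid "\t" status "\t" cmd
    }'
}

# failed_commands: only the records whose exit status was non-zero.
failed_commands() {
  parse_commands | awk -F"\t" '$3 != 0'
}

# failures_per_user: "user count" lines, sorted by user name.
failures_per_user() {
  failed_commands | cut -f1 | sort | uniq -c | awk '{print $2, $1}'
}

sample_log | failed_commands
```

On a real host, replace sample_log with the log file, for example: failures_per_user < /var/log/commands.log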