Logging Linux Commands for all users

To log commands executed by users on Linux shell, edit file

vi /etc/bash.bashrc

Add

export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'

Create file

vi  /etc/rsyslog.d/bash.conf

Add

local6.*    /var/log/commands.log

Restart rsyslog

systemctl restart rsyslog

Now log off and login, you will be able to see all commends executed by users on bash shell in file /var/log/commands.log

Log rotating

edit

vi /etc/logrotate.d/rsyslog

Find

/var/log/kern.log

Add below

/var/log/commands.log
Need help with Linux Server or WordPress? We can help!
Contact Us

Leave a Reply

Your email address will not be published. Required fields are marked *