Logging Linux Commands for all users

To log commands executed by users on Linux shell, edit file

vi /etc/bash.bashrc

1	vi /etc/bash.bashrc

Add

export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'

1	export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 \| sed "s/^[ ][0-9]\+[ ]//" ) [$RETRN_VAL]"'

Create file

vi  /etc/rsyslog.d/bash.conf

1	vi /etc/rsyslog.d/bash.conf

Add

local6.*    /var/log/commands.log

1	local6.* /var/log/commands.log

Restart rsyslog

systemctl restart rsyslog

1	systemctl restart rsyslog

Now log off and login, you will be able to see all commends executed by users on bash shell in file /var/log/commands.log

Log rotating

edit

vi /etc/logrotate.d/rsyslog

1	vi /etc/logrotate.d/rsyslog

Find

/var/log/kern.log

1	/var/log/kern.log

Add below

/var/log/commands.log

1	/var/log/commands.log