Log commands executed by all the users in Linux
Add below line in /etc/rsyslog.conf file
local2.info /var/log/commands-track-user
restart rsyslog service
Add below entry in /etc/bashrc
readonly PROMPT_COMMAND='history -a >(logger -p local2.info -t "$USER[$PWD] $SSH_CONNECTION")'
Execute the command 'source /etc/bashrc' or logout and login back to your session.
Now the commands executed by all the users will be logged in /var/log/commands-track-user
Add below line in /etc/rsyslog.conf file
local2.info /var/log/commands-track-user
restart rsyslog service
Add below entry in /etc/bashrc
readonly PROMPT_COMMAND='history -a >(logger -p local2.info -t "$USER[$PWD] $SSH_CONNECTION")'
Execute the command 'source /etc/bashrc' or logout and login back to your session.
Now the commands executed by all the users will be logged in /var/log/commands-track-user
No comments:
Post a Comment