How can I log all csh commands history to syslog?
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
Issue
- Need to keep track of all
csh commands
executed by users insyslog
.
Resolution
- The
precmd
option allows for theexecution
of a givencommand
beforecsh
prompts for command line input. This option could be used to send a copy of the last command line tosyslog
. - You could create a file called
/etc/profile.d/sysloghistory.csh
containing the following:
alias precmd "history 1 | /bin/logger -p local1.notice -t `echo $SHELL`:`whoami`:`pwd`:`ip r l |cut -d' ' -f12` -i "
Note: This resolution spawns new process
at each command logged, so it might not be a best solution if your system is in a heavy load
.
To save this log messages
into a particular log
file, add below line in /etc/syslog.conf (for RHEL4/5)
or /etc/rsyslog.conf (for RHEL6)
:
local1.notice /var/log/history.log
Run below command to apply this change:
- Red Hat Enterprise Linux 4/5
# service syslog restart
- Red Hat Enterprise Linux 6
# service rsyslog restart
- Red Hat Enterprise Linux 7/8/9
# systemctl restart rsyslog
For more information about the syslog.conf (RHEL4/5)
or rsyslog.conf (RHEL6)
configuration, please refer to its man page
.
Disclaimer : Please note that the script within this article is provided for customer benefit, but, is not supported by Red Hat. Customers can use it "as it is" or by customizing it appropriately. Red Hat does not support custom scripts. Please refer the below article for scope of coverage(What Red Hat supports): support coverage
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments