How can I log all csh commands history to syslog?
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
Issue
- Need to keep track of all
csh commandsexecuted by users insyslog.
Resolution
- The
precmdoption allows for theexecutionof a givencommandbeforecshprompts for command line input. This option could be used to send a copy of the last command line tosyslog. - You could create a file called
/etc/profile.d/sysloghistory.cshcontaining the following:
alias precmd "history 1 | /bin/logger -p local1.notice -t `echo $SHELL`:`whoami`:`pwd`:`ip r l |cut -d' ' -f12` -i "
Note: This resolution spawns new process at each command logged, so it might not be a best solution if your system is in a heavy load.
To save this log messages into a particular log file, add below line in /etc/syslog.conf (for RHEL4/5) or /etc/rsyslog.conf (for RHEL6):
local1.notice /var/log/history.log
Run below command to apply this change:
- Red Hat Enterprise Linux 4/5
# service syslog restart
- Red Hat Enterprise Linux 6
# service rsyslog restart
For more information about the syslog.conf (RHEL4/5) or rsyslog.conf (RHEL6) configuration, please refer to its man page.
Disclaimer : Please note that the script within this article is provided for customer benefit, but, is not supported by Red Hat. Customers can use it "as it is" or by customizing it appropriately. Red Hat does not support custom scripts. Please refer the below article for scope of coverage(What Red Hat supports): support coverage
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
