1

Ubuntu 20.04 on Hyper-V VM

I am trying to do something similar to what is written in this answer. I think this answer logs all the terminal to a certain file. I would like to be able to log all my terminal input/output by day if possible. So then when I want to know what I did on any particular day, I can go to that day's log file and read the input/output of my terminal.

Adam Ch
  • 173
  • 1
    Set up a config file in /etc/rsyslog.d/ to govern log rotation and naming. See man rsyslog.conf for instructions. – user535733 May 25 '20 at 21:54
  • To start with, which Linux distro have you installed (Ubuntu server, Ubuntu desktop, Kubuntu, Lubuntu, Xubuntu, Ubuntu MATE, Mint, et al.), & which release number? Different releases have different tools for us to recommend. Please click [edit] & add that to your question, so all facts we need are in the question. Please don't use Add Comment, since that's our one-way channel to you. All facts about your PC should go in the Question with [edit] as this is a Q&A site, not a general forum, so things work differently here. – K7AAY May 26 '20 at 17:10
  • You can try another shell like Fish or Zsh instead of Bash. They have history files with timestamps. If you can install one of them also on the server side you can keep a copy. If you can't, install on your machine and issue each command with ssh to keep them at your side, client side. – msmafra Jun 08 '20 at 16:43
  • The answer you are referring to actually does log all the terminals. The commands are set in /root/.bashrc so every interactive bash shell opened by root will log to syslog. You actually just have to deal with log rotation to get what you want. – ChrisAga Jun 08 '20 at 18:38

1 Answer

0

I don't know if you can install software on the server machine, but ZSH and FISH, alternatives to the BASH shell, have timestamps stored in their history files for each command run. In ZSH it is stored in one row per command, and FISH uses two rows per command. Both use the Unix timestamp.

zsh:

: 1591635588:0;ssh user@server ls /tmp

fish:

989 - cmd: ssh user@server ls /tmp
990 when: 1591387835

I use ZSH, with oh-my-zsh installed, instead of bash. ZSH's history file (~/.zsh_history) keeps each command (row) stored as bash does, but puts at the beginning the Linux timestamp of the moment that command was run. To keep the history at your side, client side, you can run the command via ssh:

$~> ssh user@server ls /tmp
$~> ssh user@server cat /etc/os-release

On ZSH it is stored like so:

$~> cat ~/.zsh_history
: 1591635588:0;ssh user@server ls /tmp
: 1591636831:0;ssh user@server cat /etc/os-release

If you run AWK against the file you can translate the timestamps:

$~> awk -F":" '{print strftime("%Y-%m-%d %H:%M:%S", $2),$3}' ~/.zsh_history
2020-06-08 14:49:10 0;ssh user@server ls /tmp
2020-06-08 14:50:04 0;ssh user@server cat /etc/os-release

You can filter by date by using it together with grep, for example, and send it to a file:

$~> awk -F":" '{print strftime("%Y-%m-%d %H:%M:%S", $2),$3}' ~/.zsh_history \
| grep -E "2020-06-08" > ${HOME}/2020-06-08-history.log
msmafra
  • 195
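
Added example (not part of the original answer): a POSIX sh function that does the per-day split in one pass, writing each zsh history entry to a `<day>-history.log` file. Unlike splitting on ":", it keeps commands that contain colons intact and keeps the continuation lines of a multi-line command with their entry. It assumes the history line format shown above and a `date` that accepts `-d @<epoch>`; the function names and sample commands are constructed for illustration.

```sh
#!/bin/sh
# Added example, not code from the answer: split a zsh history file with
# timestamps into one log file per calendar day (local time zone, or $TZ).
# Assumptions: entries look like ": <epoch>:<duration>;<command>" and `date`
# accepts -d @<epoch> (GNU coreutils, BusyBox). Function names are hypothetical.

# The ( ) body runs in a subshell, so the helper variables stay local.
split_zsh_history_by_day() (
    histfile=$1 outdir=$2 out=''
    mkdir -p "$outdir" || exit 1
    while IFS= read -r line || [ -n "$line" ]; do
        ts=''
        case $line in
            ': '[0-9]*:*';'*) rest=${line#': '}; ts=${rest%%:*} ;;
        esac
        case $ts in
            ''|*[!0-9]*)
                # Not an entry header: continuation of a multi-line command.
                if [ -n "$out" ]; then printf '    %s\n' "$line" >> "$out"; fi
                ;;
            *)
                stamp=$(date -d "@$ts" '+%Y-%m-%d %H:%M:%S') || exit 1
                out=$outdir/${stamp%% *}-history.log
                # Cut only at the first ';' so ':' inside the command survives.
                printf '%s %s\n' "$stamp" "${rest#*;}" >> "$out"
                ;;
        esac
    done < "$histfile"
)

# Constructed sample input: timestamps taken from the answer, plus a command
# containing ':' and a multi-line command (zsh stores a trailing backslash).
write_sample_history() {
    cat > "$1" <<'EOF'
: 1591387835:0;scp user@server:/tmp/report.txt .
: 1591635588:0;ssh user@server ls /tmp
: 1591636831:2;for f in a b; do\
echo "$f"; done
EOF
}

# Usage:
#   split_zsh_history_by_day ~/.zsh_history ~/history-by-day
```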