1

I'm running Ubuntu Server 12.04 and trying to get all shell commands logged. I'm trying with rsyslog, which is there by default. I added "*.* /var/log/everything.log" in rsyslog.conf and 50-default.conf, but I'm only getting a few entries (login, logout, service stop/start) and would like to have everything: ls, cd [path], [Wrong command].

Do I have to modify something in rsyslog or set any other application to verbose?

Thx SP

penreturns
  • 5,950
Sime
  • 13

3 Answers

1

Depends what you want to do. If you want to monitor everything that users run, then no, this is not easily possible. There is an administrative suite of programs called bos which can be used to monitor all running processes.

If, however, you just want to store all commands that you type, then yes, this is being done for you by bash. Bash stores a command history in ~/.bash_history. By default, however, only when a shell exits the command history is written. Read this web page if you want to customize it such that most of your history is saved.

January
  • 35,952
1

As an alternative to using bash_history, to capture every command entered in the shell by yourself and save it to file you could use something like the trap command in a script or function and place that code in .bashrc.

Fortunately, exactly the script you want was provided by Richard Hansen a while ago in this answer, and his script copies every command entered into bash and sends them (with a timestamp) to a file called .command_log by default. Once you have placed his script into your .bashrc and have launched terminal, Richard's script writes the commands to .command_log as soon as they are executed, unlike the bash_history feature, which only writes to the file after the terminal is closed.

Richard's script will record your commands like this in .command_log (although you will be using different commands to me):

2012-10-02T18:02:11+0100 /dev/pts/2 gksudo truecrypt
2012-10-02T21:52:03+0100 /dev/pts/2 xrandr -s 1280x1024
2012-10-03T00:16:52+0100 /dev/pts/2 mount
2012-10-03T00:17:12+0100 /dev/pts/2 udisks --unmount /dev/sdb1
2012-10-03T00:17:46+0100 /dev/pts/2 udisks --detach /dev/sdb

I have been using it for a while and find that Richard's script is very useful; you can even grep the .command_log and search for anything you want:

grep -i udisks .command_log 

So, I think this is probably what you want if you need to record every single thing typed into bash; I find it incredibly useful.
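An added example, not Richard Hansen's script and not part of the original answer: a simpler variant that hooks PROMPT_COMMAND instead of trap and writes records in the same layout as the sample above. CMDLOG_FILE and the cmdlog_* function names are assumptions of this example.

```shell
# Added example: per-command logger for ~/.bashrc, PROMPT_COMMAND variant.
# CMDLOG_FILE and every cmdlog_* name are assumptions of this example.
CMDLOG_FILE="${CMDLOG_FILE:-$HOME/.command_log}"

# Split one line of `history 1` output ("  123  ls -l", or "  123* ls" for an
# edited entry) into its history number ("num") or its command text ("cmd").
cmdlog_hist_field() (
    entry=${2#"${2%%[! ]*}"}          # drop leading spaces
    num=${entry%%[!0-9]*}             # leading digits = history number
    rest=${entry#"$num"}; rest=${rest#\*}
    rest=${rest#"${rest%%[! ]*}"}     # drop spaces before the command
    case $1 in num) printf '%s\n' "$num" ;; cmd) printf '%s\n' "$rest" ;; esac
)

# Append "<ISO timestamp> <tty> <command>" to the log, one record per line.
cmdlog_write() (
    [ -n "$1" ] || exit 0
    umask 077                         # a new log file is owner-only: commands can hold secrets
    term=$(tty 2>/dev/null) || term=notty
    # Flatten newlines so a multi-line command cannot forge extra records.
    cmd=$(printf '%s' "$1" | tr '\n\r' '  ')
    printf '%s %s %s\n' "$(date +%Y-%m-%dT%H:%M:%S%z)" "$term" "$cmd" >> "$CMDLOG_FILE"
)

# Runs before each prompt: log the newest history entry exactly once.
cmdlog_prompt() {
    _cmdlog_entry=$(HISTTIMEFORMAT= history 1)
    _cmdlog_num=$(cmdlog_hist_field num "$_cmdlog_entry")
    # Same number as last time means Enter on an empty line: nothing new ran.
    [ "$_cmdlog_num" = "$_cmdlog_last" ] && return 0
    _cmdlog_last=$_cmdlog_num
    cmdlog_write "$(cmdlog_hist_field cmd "$_cmdlog_entry")"
}

# Install only in interactive bash; seed the counter so the last command of a
# previous session is not logged again at the first prompt.
if [ -n "${BASH_VERSION:-}" ]; then
    case $- in *i*)
        _cmdlog_last=$(cmdlog_hist_field num "$(HISTTIMEFORMAT= history 1)")
        PROMPT_COMMAND="cmdlog_prompt${PROMPT_COMMAND:+; $PROMPT_COMMAND}"
    ;; esac
fi
```

Commands that bash keeps out of its history (for example with HISTCONTROL set to ignoredups or ignorespace) are not logged by this variant. Because the hook lives in the user's own .bashrc, the file is a personal record rather than a tamper-resistant audit trail.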

0

If you want an entire session logged (i.e. both commands typed AND results from those commands) use:

script

Without arguments, it will save the results to a file in the current directory called "typescript".

script bogus.txt will save to "bogus.txt"

See the man page for the complete list of commands: man script

john
  • 151
  • 2