1. 添加bash全局配置文件:
cd /etc/profile.d
sudo -e vi log_command.sh
輸入如下內容:
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
2. 添加rsyslog配置文件bash.conf:
sudo -e /etc/rsyslog.d/bash.conf
填寫如下內容:
local6.* /var/log/commands.log
3. 重啟rsyslog服務:
sudo systemctl restart rsyslog
4. 添加logrotate文件
cd /etc/logrotate.d
vi syslog
添加一行:
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/commands.log
/var/log/commands.log
{
missingok
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}