一、配置命令记录 -- /etc/profile.d/usercmd.sh
1. 设置HISTTIMEFORMAT -- 命令执行时间
export HISTTIMEFORMAT="[%H:%M:%S] "
2. 设置PROMPT_COMMAND
a. 命令用双引号包括,记录命令中间及后面的空白符
export PROMPT_COMMAND='
msg="[$( date +"%F %T" )] \
$(whoami) \
\"$( history 1 | sed -r "s|^[ \t]+[0-9]+[ \t]+||" )\" \
FROM $( who am i | sed -r "s|^([^ \t]+)[ \t]+([^ \t]+)[ \t]+(.+)[ \t]+(\(.+\))|\1 \2 \4|" ) \
"; \
echo "$msg" \
>>/var/log/usercmd.log
'
b. 命令用双引号包括,无法记录命令中间及后面的空白符
export PROMPT_COMMAND='
echo [$( date +"%F %T" )] \
$(whoami) \
$( history 1 | ( read num cmd ; echo \"$cmd\" ) ) \
FROM $( who am i | sed -r "s|^([^ \t]+)[ \t]+([^ \t]+)[ \t]+(.+)[ \t]+(\(.+\))|\1 \2 \4|" ) \
>>/var/log/usercmd.log
'
c. 命令用花括号包括,记录命令中间及后面的空白符
export PROMPT_COMMAND='
echo [$( date +"%F %T" )] \
$(whoami) \
{"$( history 1 | sed -r "s|^[ \t]+[0-9]+[ \t]+||" )"} \
FROM \
$( who am i | sed -r "s|^([^ \t]+)[ \t]+([^ \t]+)[ \t]+(.+)[ \t]+(\(.+\))|\1 \2 \4|" ) \
>>/var/log/usercmd.log
'
二、配置日志文件备份 -- /etc/logrotate.d/usercmd
/var/log/usercmd.log
{
compress
dateext
maxage 365
rotate 99
missingok
notifempty
size +4096k
create 622 root root
}
网友评论