相关内容:https://segmentfault.com/q/1010000009599965
#!/bin/bash
#script需要使用source commandhist.sh运行
#设置command history记录
cat >> /etc/profile <<"EOF"
HISTFILESIZE=2000
HISTSIZE=2000
HISTTIMEFORMAT="%Y%m%d-%H%M%S: "
export HISTTIMEFORMAT
export PROMPT_COMMAND='{ command=$(history 1 | { read x y; echo $y; });logger -p local1.notice -t bash -i "user=$USER,ppid=$PPID,from=$SSH_CLIENT,pwd=$PWD,command:$command"; }'
EOF
#设置/etc/profile文件生效
source /etc/profile
#增加一个本地的日志策略local.notice,并设置该消息不通过messages输出
cat >> /etc/rsyslog.conf <<EOF
local1.notice /var/log/command.log
EOF
sed -i 's/\*\.info;mail\.none;authpriv\.none;cron\.none/\*\.info;mail\.none;authpriv\.none;cron\.none;local1\.none/g' /etc/rsyslog.conf
#修改rsyslog时间格式
sed -i 's/$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat/#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat/g' /etc/rsyslog.conf
cat >>/etc/rsyslog.conf<<"EOF"
$template myformat,"%$NOW% %TIMESTAMP:8:15% %hostname% %syslogtag% %msg%\n"
$ActionFileDefaultTemplate myformat
EOF
#配置command.log
cat >> /etc/logrotate.d/local1 <<EOF
/var/log/command.log{
daily
olddir /var/log/command_logs/
create 0600 root root
}
EOF
mkdir -p /var/log/command_logs
#重启日志服务
service rsyslog restart
