Enabling an operation audit log on Linux (history format)

1. Edit /etc/profile (vi /etc/profile)

{#Add the following code to the /etc/profile configuration file

# Set the history format
export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] [`who am i 2>/dev/null| \
awk '{print $NF}'|sed -e 's/[()]//g'`] "


export PROMPT_COMMAND='\
if [ -z "$OLD_PWD" ];then
export OLD_PWD=$PWD;
fi;
if [ ! -z "$LAST_CMD" ] && [ "$(history 1)" != "$LAST_CMD" ]; then
logger -t `whoami`_shell_cmd "[$OLD_PWD]$(history 1)";
fi ;
export LAST_CMD="$(history 1)";
export OLD_PWD=$PWD;'

Then save and exit: press Shift+Q and enter wq.

}

2. Reload the profile configuration file

Execute the command source /etc/profile

3. Configure the rsyslog.conf file

{Edit /etc/rsyslog.conf (vi /etc/rsyslog.conf) and add the following lines to it

*.info;mail.none;authpriv.none;cron.none;user.none                /var/log/messages   
user.*                    /var/log/history  

Then save and exit: press Shift+Q and enter wq.

}

4. Restart the rsyslog service so that the history log is loaded.

Execute the command systemctl restart rsyslog

5. Test

Run cat /var/log/history, or check /var/log for a new file called history. If the file is there, the configuration is successful.
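
Once /var/log/history is being written, its records can be split back into fields for review. The script below is an added example, not part of the original post. It assumes rsyslog's traditional file format (Mon DD HH:MM:SS host tag: message); the function names and the hosts, users and addresses in the sample lines are constructed.

```shell
#!/bin/sh
# Added example: split /var/log/history records back into fields.
# Assumes rsyslog's traditional file format: "Mon DD HH:MM:SS host tag: msg".
TAB=$(printf '\t')

# Constructed sample lines (hosts, users and addresses are made up).
# The last line is another user-facility message that "user.*" also catches.
sample_log() {
cat <<'EOF'
Jul 27 10:15:01 web01 root_shell_cmd: [/root]  101  [2023-07-27 10:15:01] [192.0.2.10] systemctl restart rsyslog
Jul 27 10:15:09 web01 root_shell_cmd: [/root]  102  [2023-07-27 10:15:09] [192.0.2.10] cd /var/log
Jul 27 10:16:30 web01 deploy_shell_cmd: [/home/deploy]   57  [2023-07-27 10:16:30] [198.51.100.7] tail -n 5 app.log
Jul 27 10:17:00 web01 backup.sh: nightly backup finished
EOF
}

# Print user, source, cwd, time, command (tab-separated) for each record.
# The pattern is anchored at the syslog header so that text typed inside a
# command cannot be mistaken for the tag that carries the user name.
parse_history_log() {
    sed -nE "s/^[A-Za-z]{3} +[0-9]+ [0-9:]+ [^ ]+ ([^ ]+)_shell_cmd(\[[0-9]+\])?: \[([^]]*)\] *[0-9]+\*? *\[([^]]*)\] \[([^]]*)\] (.*)\$/\1${TAB}\5${TAB}\3${TAB}\4${TAB}\6/p"
}

# Count logged commands per user and source address.
summarize_by_user_source() {
    parse_history_log | awk -F"$TAB" '{ n[$1 FS $2]++ }
        END { for (k in n) print k FS n[k] }' | sort
}

# Demo on the constructed sample; on a real host read /var/log/history instead.
sample_log | summarize_by_user_source
```

On a configured host, run parse_history_log < /var/log/history to get the same fields from the real log.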

--------------------------------------------

1. Use logrotate to split the log and generate a new log file every day.

Create a new file named history under /etc/logrotate.d/ with the following command and contents

# vi /etc/logrotate.d/history
/var/log/history {
        daily
        copytruncate
        rotate 7
        compress
        dateext
        delaycompress
        notifempty
        missingok
        create 644 root root
}

Then save and exit: press Shift+Q and enter wq.


2. Run the command that generates the rotated log

Execute the command logrotate -f /etc/logrotate.d/history

3. View the log file

Run cd /var/log/ to enter the log directory, then run ls to list it. There should now be an additional file named history followed by a date in the log directory, which indicates success!

Reference:

/etc/logrotate.conf controls the log rotation cycle and retention time
/etc/rsyslog.conf controls where logs are stored and which operations are recorded

If you need to configure further, you can look up the logrotate.conf and rsyslog.conf parameters and detailed configuration on Baidu.


Origin blog.csdn.net/Fadess/article/details/131962992