[clug] bash history > syslog working :)

Mon Aug 4 14:12:02 GMT 2008

Good Morning,

Thank you all for your responses. My plan is to log every bash command entered to a remote syslog. Now using the function found here: 
http://posludio.wordpress.com/2007/11/02/bash-history-to-a-remote-syslog/

I was able to get most commands to log correctly. So one issue down....
But, the only way it will log messages is if the user always uses the default shell. If they switch to use bash when their default is ksh then only commands run under ksh will be logged. 
At this point I am unsure on how to resolve that.
Any Ideas???




Thanks Again,
RT






-----Original Message-----
From: Tony Breeds [mailto:tony at bakeyournoodle.com] 
Sent: Sunday, August 03, 2008 5:30 PM
To: Michael Cohen
Cc: Ron Trujillo; linux at lists.samba.org
Subject: Re: [clug] bash history > syslog working :)

On Sun, Aug 03, 2008 at 07:02:35AM +1000, Michael Cohen wrote:
> Hi Ron,
>   I dont know if this is what you are looking for but its easy to send
> anything to syslog using the logger program:
> 
> 1) First you make a pipe
> 
> mkdir /tmp/somename p

mkfifo?


On another note a google + "I'm feelign lucky" gave me:
http://posludio.wordpress.com/2007/11/02/bash-history-to-a-remote-syslog/

The core of which seems to be:
default:~# diff -pu /etc/profile.20071101 /etc/profile
— /etc/profile.20071101 2007-11-02 01:36:03.000000000 +0000
+++ /etc/profile 2007-11-02 01:41:10.000000000 +0000
@@ -36,3 +36,10 @@ if [ "$BASH" ]; then
# export TMOUT=300
fi

+function history_to_syslog
+{
+ declare cmd
+ cmd=$(fc -ln -0)
+ logger -p local7.notice — SESSION = $$, CMD =$cmd
+}
+trap history_to_syslog DEBUG

I used to have to patch bash to do what you want but that was a while
ago.

Yours Tony

  linux.conf.au    http://www.marchsouth.org/
  Jan 19 - 24 2009 The Australian Linux Technical Conference!

