cd /etc/profile.d
vi cmd.sh
#######################################################以下为脚本内容
################################################
# cmd track
################################################
# CHANGELOG
#May 22, 2014 JY: * Initial Create
################################################
declare -r REAL_LOGNAME=`/usr/bin/who am i | cut -d" " -f1`
declare -r REAL_IP=`/usr/bin/who -u am i | awk '{print $NF}'|sed -e 's/[()]//g'`
if [ $USER == root ]; then
declare -r PROMT="#"
else
declare -r PROMT="$"
fi
#if [ x"$SSH_USER" == x ]; then
# declare -r REMOTE_USER=UNKNOW
#else
# declare -r REMOTE_USER=$SSH_USER
#fi
LAST_HISTORY="$(history 1)"
__LAST_COMMAND="${LAST_HISTORY/*:[0-9][0-9] /}"
declare -r h2l='
THIS_HISTORY="$(history 1)"
__THIS_COMMAND="${THIS_HISTORY/*:[0-9][0-9] /}"
if [ "$LAST_HISTORY" != "$THIS_HISTORY" ];then
__LAST_COMMAND="$__THIS_COMMAND"
LAST_HISTORY="$THIS_HISTORY"
logger -p local4.notice -i -t $REAL_LOGNAME $REAL_IP "[$USER@$HOSTNAME $PWD]$PROMT $__LAST_COMMAND"
fi'
trap "$h2l" DEBUG
############################脚本结束
source /etc/profile
vi /etc/rsyslog.d/10-cmd_track.conf
#############################以下为脚本内容
# Log nc_profile generated CMD log messages to file
local4.notice /var/log/cmd_track.log
#:msg, contains, "REM" /var/log/cmd_track.log
# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
& ~
#############################脚本结束
/etc/init.d/rsyslog restart
vi cmd.sh
#######################################################以下为脚本内容
################################################
# cmd track
################################################
# CHANGELOG
#May 22, 2014 JY: * Initial Create
################################################
declare -r REAL_LOGNAME=`/usr/bin/who am i | cut -d" " -f1`
declare -r REAL_IP=`/usr/bin/who -u am i | awk '{print $NF}'|sed -e 's/[()]//g'`
if [ $USER == root ]; then
declare -r PROMT="#"
else
declare -r PROMT="$"
fi
#if [ x"$SSH_USER" == x ]; then
# declare -r REMOTE_USER=UNKNOW
#else
# declare -r REMOTE_USER=$SSH_USER
#fi
LAST_HISTORY="$(history 1)"
__LAST_COMMAND="${LAST_HISTORY/*:[0-9][0-9] /}"
declare -r h2l='
THIS_HISTORY="$(history 1)"
__THIS_COMMAND="${THIS_HISTORY/*:[0-9][0-9] /}"
if [ "$LAST_HISTORY" != "$THIS_HISTORY" ];then
__LAST_COMMAND="$__THIS_COMMAND"
LAST_HISTORY="$THIS_HISTORY"
logger -p local4.notice -i -t $REAL_LOGNAME $REAL_IP "[$USER@$HOSTNAME $PWD]$PROMT $__LAST_COMMAND"
fi'
trap "$h2l" DEBUG
############################脚本结束
source /etc/profile
vi /etc/rsyslog.d/10-cmd_track.conf
#############################以下为脚本内容
# Log nc_profile generated CMD log messages to file
local4.notice /var/log/cmd_track.log
#:msg, contains, "REM" /var/log/cmd_track.log
# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
& ~
#############################脚本结束
/etc/init.d/rsyslog restart