Create a client.sh file under /etc/profile.d/:
vim /etc/profile.d/client.sh
export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger -p local4.info ["LOCAL|`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0|sed 's/IPADDR=//g'`" -- "SSH|$SSH_CONNECTION $SSH_TTY" -- "USER|$USER" -- "PWD|$PWD"]: "$msg"; }'
Add this line to /etc/rsyslog.conf:
local4.* /var/log/cmd_track.log
Restart the rsyslog service:
/etc/init.d/rsyslog restart
systemctl restart rsyslog
netstat -aulntp | grep rsyslog
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 20228/rsyslogd
tcp6 0 0 :::514 :::* LISTEN 20228/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:* 20228/rsyslogd
udp6 0 0 :::514 :::* 20228/rsyslogd
When this is done, a cmd_track.log log file with 600 permissions appears under /var/log/.
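Added example (not part of the original post): a small sh script that parses the lines the hook above writes to /var/log/cmd_track.log and lists the commands that touch the audit pipeline itself. The sample lines, host and user names, and function names are constructed for illustration, and the syslog header layout is an assumption.

```shell
#!/bin/sh
# Added example: parse the lines written by the PROMPT_COMMAND hook above.

# Constructed sample lines, not real log data. The header before "[LOCAL|"
# (timestamp, host, logger tag) is an assumed rsyslog default file layout.
sample_log() {
cat <<'EOF'
Jun 22 10:01:07 web01 root: [LOCAL|192.0.2.10 -- SSH|198.51.100.7 51514 192.0.2.10 22 /dev/pts/0 -- USER|root -- PWD|/root]: vim /etc/rsyslog.conf
Jun 22 10:02:31 web01 root: [LOCAL|192.0.2.10 -- SSH|198.51.100.7 51514 192.0.2.10 22 /dev/pts/0 -- USER|root -- PWD|/etc]: systemctl restart rsyslog
Jun 22 10:05:12 web01 alice: [LOCAL|192.0.2.10 SSH|203.0.113.9 40022 192.0.2.10 22 /dev/pts/1 -- USER|alice -- PWD|/home/alice]: ls -l
Jun 22 10:06:40 web01 root: [LOCAL|192.0.2.10 -- SSH|  -- USER|root -- PWD|/root]: tail /var/log/cmd_track.log
EOF
}

# stdin: cmd_track.log lines. stdout: user<TAB>ssh_client<TAB>pwd<TAB>command.
# - Matching starts at the first "[" so text typed in the command cannot
#   shift the field boundaries; PWD ends at the first "]".
# - The " --" after LOCAL is optional, in case logger treats the first bare
#   "--" argument as its end-of-options marker (assumption; check your log).
# - ssh_client is the first word of $SSH_CONNECTION, empty for console logins.
parse_cmd_track() {
  t=$(printf '\t')
  sed -nE "s/^[^[]*\[LOCAL\|([^ ]*)( --)? SSH\|([^ ]*)[^|]* -- USER\|([^ ]+) -- PWD\|([^]]*)\]: (.*)\$/\4${t}\3${t}\5${t}\6/p"
}

# stdin: parse_cmd_track output. Prints commands that mention the pieces of
# the audit pipeline set up on this page, so edits to it are reviewed.
audit_touches() {
  awk -F'\t' '
    $4 ~ /rsyslog|cmd_track\.log|profile\.d\/client\.sh|PROMPT_COMMAND/ {
      printf "%s from %s in %s: %s\n", $1, ($2 == "" ? "console" : $2), $3, $4
    }'
}

sample_log | parse_cmd_track | audit_touches
```

To run it against the real file: `parse_cmd_track < /var/log/cmd_track.log | audit_touches`.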
Configuring user activity log auditing with rsyslog
Reposted from blog.csdn.net/eagle89/article/details/80771705