sharadchhetri

Tutorials On Linux, Unix & Open Source

Keep logs of user after sudo su - : Secondary Logging

December 2, 2011 by Sharad Chhetri 15 Comments

When a user runs sudo su - or su - and becomes root, the logs usually do not make it easy to track which command was run by which user.

In this post, we will set up secondary logging to keep a log of the root user's commands after sudo access. The same configuration can also be set up for a non-root user.

In other words, we can save the commands run by a user even after that user becomes root through sudo su - or su -.

How To Setup Secondary Logging For Sudo Activity

For this setup, log in to the server as root.

Step 1: Create Directory

Create a directory called users_historylogs in /var/log/:

mkdir -p /var/log/users_historylogs

Step 2: Configure History

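Paste the contents given below into /root/.bashrc:

# Keep up to 10000 commands in the in-memory history list
export HISTSIZE=10000
# Record a timestamp per command; the history command displays it as "YYYY-MM-DD HH:MM:SS "
export HISTTIMEFORMAT="%F %T "
# One history file per original login user, as reported by "who am i"
export HISTFILE=/var/log/users_historylogs/root_history-$(who am i | awk '{print $1}';exit)
# Append each new command to HISTFILE every time the prompt is shown
export PROMPT_COMMAND='history -a'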

Step 3: Initialize .bashrc

After saving the file, run the command given below:

source /root/.bashrc

Now you can check. Log out, log in again, and change to the directory /var/log/users_historylogs.

You will find the log files there. Open one and you should see the history of commands in it.
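An added example, not part of the original post: who am i prints nothing when the shell's terminal has no utmp record, and the HISTFILE name from Step 2 then ends in a bare hyphen, so commands from different users land in the same file. The sketch below goes beyond the post's one-liner by falling back to the Linux audit login UID and then to SUDO_USER; origin_user and LOGINUID_FILE are names made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post: choose the account name used as
# the HISTFILE suffix, with fallbacks for when "who am i" prints nothing.
# LOGINUID_FILE and origin_user are hypothetical names made up for this example.
LOGINUID_FILE=${LOGINUID_FILE:-/proc/self/loginuid}

origin_user() {
    # 1. The post's method: the utmp record for the current terminal.
    u=$(who am i 2>/dev/null | awk '{print $1; exit}')

    # 2. Linux audit login UID: set at login, normally unchanged by su and sudo.
    #    4294967295 means no login UID was ever set for this process.
    if [ -z "$u" ] && [ -r "$LOGINUID_FILE" ]; then
        uid=$(cat "$LOGINUID_FILE") || uid=
        if [ -n "$uid" ] && [ "$uid" != 4294967295 ]; then
            u=$(getent passwd "$uid" 2>/dev/null | cut -d: -f1) || u=
        fi
    fi

    # 3. sudo exports the invoking account as SUDO_USER.
    [ -n "$u" ] || u=${SUDO_USER:-}

    # The value becomes part of a file name: keep only characters safe for that.
    u=$(printf '%s' "$u" | tr -cd 'A-Za-z0-9._-')
    printf '%s\n' "${u:-unknown}"
}

# Replacement for the HISTFILE line of Step 2 (printed here, not exported):
printf 'HISTFILE=/var/log/users_historylogs/root_history-%s\n' "$(origin_user)"
```

A root shell can still unset HISTFILE or PROMPT_COMMAND, so these files are a convenience record; the psacct and pam_tty_audit.so options mentioned in the comments record activity outside the shell's control.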

In the next part, we cover Secondary Logging For All Users.


Comments

  1. ruhi says

    March 30, 2023 at 4:58 pm

    My requirement is to get all commands run on the system with date and time. Let's say A user logged into system and then switched to B... commands run by both users in that session should be logged in a single file. This is not happening as of now. Also would like to get different log files if a user opens multiple sessions then runs separate commands.

    I'm using RHEL6

    • Sharad Chhetri says

      March 31, 2023 at 12:27 am

      Hi Ruhi,

      If A User switches to B User then the computer understands it as 2 different users. Hence, the 2 different logs for each computer user will be logged.
      For date and time, work on this line HISTTIMEFORMAT="%F %T ". You can set the date time format according to you. It is similar to the date command options available.

      Regards
      Sharad

  2. ruhi says

    March 19, 2023 at 3:03 pm

    I want to get the commands run by each user using sudo/su/su -/powerbroker with date and time details.

    • Sharad Chhetri says

      March 19, 2023 at 4:17 pm

      Hi Ruhi,

      Check this post once “Secondary Logging : save all users history command output as log”

      Regards
      Sharad

  3. Ruhi says

    March 17, 2023 at 10:04 am

    It actually logs the command history when you come out from the session in reverse order. Any solution for this?

    • Sharad Chhetri says

      March 17, 2023 at 12:17 pm

      Hi Ruhi,

      Yes, it actually keeps the command history of the user who logs in to the shell. Will you help me to understand your exact problem and what you are trying to achieve? I also want to know on which operating system you are trying this solution.

      Regards
      Sharad

  4. Pawan says

    December 30, 2022 at 11:33 am

    Hi Sharad,

    Will this work on TCSH shell?

    I am unable to run it as the $HISTFILE variable is not in tcsh shell. Please help me to set up the same in tcsh shell.

    Thanks

  5. sysadm says

    December 19, 2019 at 3:22 pm

    Simple solution! Good work... I recommend learning the account auditing features of your systems with the psacct or acct programs. Or turn on pam_tty_audit.so and capture every keystroke. Cheers

  6. ratadm says

    September 20, 2019 at 9:51 pm

    This is great! Thank you for sharing.

    Would you or anybody here have instructions on how to add this custom log into syslog and ship to a central logging server?

    I was thinking it would be as simple as adding 1 line to my /etc/rsyslog.conf

    /var/log/users_historylogs/* @@syslog-central.my.com

    That didn’t work out for me.
    TYIA for your comments

  7. Sergio says

    May 29, 2016 at 3:50 pm

    Great !! Thanks.. that is what I needed. One question, in the new LOG File, is there a way to show the date-time?
    Now it shows like this:

    cat /var/log/users_historylogs/root_history-sergio
    #1464536018
    cat /var/log/users_historylogs/root_history-sergio
    #1464536031
    nano /root/.bashrc
    #1464536093
    nano /root/.bashrc
    #1464536100
    source /root/.bashrc
    #1464536102
    ls -lh

    • sharad chhetri says

      May 30, 2016 at 2:11 pm

      Hello Sergio,

      Seems the log is saving date/time the epoch way. I have seen this on some of our servers but, my bad, this lazy fellow did not work to make it human readable.
      Try to convert the epoch time by using the command given below; consider it as an example also:

      sharad@linuxworld:~$ date --date @1464536102
      Sun May 29 21:05:02 IST 2016
      sharad@linuxworld:~$

      Hope it will work for you.

      Regards
      Sharad

  8. RAMESH DIDDUKURI says

    November 13, 2014 at 2:23 pm

    Thanks a lot, it's a useful solution.

  9. Antoine says

    June 3, 2014 at 8:31 pm

    Hello,

    Your solution is pretty useful but I still have a problem: that doesn’t work in a TMUX session 🙁

    Challenge accepted? 🙂

  10. Fritz says

    February 13, 2014 at 8:40 pm

    This is great, it’s what I was looking for… I had one question though

    Is there a way to display to date format year-month-day time? Currently with the above commands it displays as #1392323966?

    I am using centos 6.5

    Thanx

    • sharad chhetri says

      February 14, 2014 at 4:56 pm

      Fritz,

      Thanks for the appreciation. I really forget what these numbers are. It logs when you use the history -a command.
      Alternatively, you can use these lines:

      export PATH
      export HISTSIZE=10000
      export HISTTIMEFORMAT="%F %T "
      export HISTFILE=/var/log/users_historylogs/root_history-$(who am i | awk '{print $1}';exit)-`date +%F`
      export PROMPT_COMMAND='history -a;date >> $HISTFILE'

      The date of execution will be appended in the history log file. I hope it will work for you.
      Apologies, I really forgot to write about what these numbers are. I am not even able to recall what they are.

      You can match the date and time by analyzing the date in the log file and the history 10 command (it will show the last 10 history commands run).

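An added example for the question Sergio and Fritz raise above; it is not part of the original post or of any reply. When HISTTIMEFORMAT is set, bash writes each command's time to the history file as a line of the form #<epoch seconds> and applies the format only when the history builtin displays entries, so the file itself has to be converted to be read directly. The function names are made up for this example, and the sample input is constructed using epoch values quoted in the comments.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are made up here.
# Needs a date(1) that accepts "-d @EPOCH" (GNU coreutils, BusyBox).

# Read a bash history file on stdin, write "<local time>  <command>" lines.
history_to_text() {
    stamp='-'                  # shown for commands that have no timestamp line
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '#' | '#'*[!0-9]*) # "#" alone or with a non-digit: a typed comment
                printf '%s  %s\n' "$stamp" "$line" ;;
            '#'*)              # "#" plus digits only: bash's timestamp marker
                stamp=$(date -d "@${line#?}" '+%F %T' 2>/dev/null) || stamp='?' ;;
            *)                 # a command, or a further line of a multi-line one
                printf '%s  %s\n' "$stamp" "$line" ;;
        esac
    done
}

# Constructed sample; the epoch values are the ones quoted in the comments.
sample_history() {
    cat <<'EOF'
ls -lh
#1464536093
nano /root/.bashrc
#1464536100
source /root/.bashrc
#1464536102
# note to self
EOF
}

sample_history | history_to_text
```

To read a real log, run history_to_text < /var/log/users_historylogs/root_history-sergio; times are shown in the zone set by TZ.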
