Operating System - HP-UX
1834148 Members
2227 Online
110064 Solutions
New Discussion

Easy yet I cannot answer - Question about HISTFILE

 
SOLVED
Go to solution
Mark Blonde
Advisor

Easy yet I cannot answer - Question about HISTFILE

Hi yall!
Here is my setup. I have HP-UX 11i and in each .profile, we specify
For Example
HISTFILE=.sh_history
HISTSIZE=1000

The question is , instead of just BLABLING all commands in a text file and not knowing exactly what time and date they were typed(see example below)
ls
cd /tmp
rm *
cd ..

Is there a way to have it log all commands but with the DATE and TIME each command was used? (see proposed output below)
Mon Dec 15 14:54:13 EST 2003: ls
Mon Dec 15 14:57:26 EST 2003: cd /tmp
Mon Dec 15 14:58:43 EST 2003: rm *
Mon Dec 15 14:59:31 EST 2003: cd ..

It would help us in knowing when commands were launched / executed!

Any help is appreciated! Thanks!!
If you don't have what you want, want what you have.
4 REPLIES 4
Steven E. Protter
Exalted Contributor

Re: Easy yet I cannot answer - Question about HISTFILE

That would help us too.

In order to accomplish this, you'll need third party software or to write a little routine to process this log into a secondary log.

Someone in itrc may have one.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Patrick Wallek
Honored Contributor

Re: Easy yet I cannot answer - Question about HISTFILE

About the only way to do that is to turn on auditing.

The .sh_history file is meant as just a command history file. It is not meant to be used to audit who runs what commands when.
john korterman
Honored Contributor
Solution

Re: Easy yet I cannot answer - Question about HISTFILE

Hi,
I once thought of the same thing. To monitor a single user I made a script called tail_hist.sh:

#!/usr/bin/sh
USER_HISTFILE=
tail -1f $USER_HISTFILE| while read line
do
echo $(date) "$line" >>/tmp/copy.hist.user
done

which I then started in the background before the user actually logged on, e.g.:
# ./tail_hist.sh &

When the user logs on, his commands are then duplicated to /tmp/copy.hist.user
It works for a single user, but is difficult to administrate for more than one session. You should also consider the legal aspects.

regards,
John K.
it would be nice if you always got a second chance
Geoff Wild
Honored Contributor

Re: Easy yet I cannot answer - Question about HISTFILE

We do something like this for root:

# Set up logging
HISTFILE=${HOME}/.sh_history_`who am i|awk '{ print $1}'`
date >>$HISTFILE
export HISTFILE
HISTSIZE=500
export HISTSIZE

It time stamps each time one of us admin su's to root and keeps a separate root history for each admin.

Doesn't do it for all commands....

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.