HPE Community
Operating System - HP-UX
1836528 Members
3929 Online
110101 Solutions
New Discussion

Easy yet I cannot answer - Question about HISTFILE

 
SOLVED
Go to solution
Mark Blonde
Advisor

‎12-15-2003 06:56 AM

‎12-15-2003 06:56 AM

Easy yet I cannot answer - Question about HISTFILE

Hi yall!
Here is my setup. I have HP-UX 11i and in each .profile, we specify
For Example
HISTFILE=.sh_history
HISTSIZE=1000

The question is , instead of just BLABLING all commands in a text file and not knowing exactly what time and date they were typed(see example below)
ls
cd /tmp
rm *
cd ..

Is there a way to have it log all commands but with the DATE and TIME each command was used? (see proposed output below)
Mon Dec 15 14:54:13 EST 2003: ls
Mon Dec 15 14:57:26 EST 2003: cd /tmp
Mon Dec 15 14:58:43 EST 2003: rm *
Mon Dec 15 14:59:31 EST 2003: cd ..

It would help us in knowing when commands were launched / executed!

Any help is appreciated! Thanks!!
If you don't have what you want, want what you have.
0 Kudos
Reply
4 REPLIES 4
Steven E. Protter
Exalted Contributor

‎12-15-2003 07:03 AM

‎12-15-2003 07:03 AM

Re: Easy yet I cannot answer - Question about HISTFILE

That would help us too.

In order to accomplish this, you'll need third party software or to write a little routine to process this log into a secondary log.

Someone in itrc may have one.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Patrick Wallek
Honored Contributor

‎12-15-2003 07:05 AM

‎12-15-2003 07:05 AM

Re: Easy yet I cannot answer - Question about HISTFILE

About the only way to do that is to turn on auditing.

The .sh_history file is meant as just a command history file. It is not meant to be used to audit who runs what commands when.
Reply
john korterman
Honored Contributor

‎12-15-2003 07:32 AM

‎12-15-2003 07:32 AM

Solution

Re: Easy yet I cannot answer - Question about HISTFILE

Hi,
I once thought of the same thing. To monitor a single user I made a script called tail_hist.sh:

#!/usr/bin/sh
USER_HISTFILE=
tail -1f $USER_HISTFILE| while read line
do
echo $(date) "$line" >>/tmp/copy.hist.user
done

which I then started in the background before the user actually logged on, e.g.:
# ./tail_hist.sh &

When the user logs on, his commands are then duplicated to /tmp/copy.hist.user
It works for a single user, but is difficult to administrate for more than one session. You should also consider the legal aspects.

regards,
John K.
it would be nice if you always got a second chance
Reply
Geoff Wild
Honored Contributor

‎12-15-2003 07:56 AM

‎12-15-2003 07:56 AM

Re: Easy yet I cannot answer - Question about HISTFILE

We do something like this for root:

# Set up logging
HISTFILE=${HOME}/.sh_history_`who am i|awk '{ print $1}'`
date >>$HISTFILE
export HISTFILE
HISTSIZE=500
export HISTSIZE

It time stamps each time one of us admin su's to root and keeps a separate root history for each admin.

Doesn't do it for all commands....

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.