HPE Community
Operating System - HP-UX
1834882 Members
2264 Online
110071 Solutions
New Discussion

Maintaining log for command being type on workstation

 
Henry Chua
Super Advisor

‎09-18-2005 12:37 PM

‎09-18-2005 12:37 PM

Maintaining log for command being type on workstation

Hi Guys,

I was just wondering, is it possible to maintain a log of all command being type on a workstation. Even from remote login?

Thanks

Henry
0 Kudos
Reply
13 REPLIES 13
Bill Hassell
Honored Contributor

‎09-18-2005 01:19 PM

‎09-18-2005 01:19 PM

Re: Maintaining log for command being type on workstation

If you setup the shell variable HISTFILE in .profile, then commands will be logged. Note that only commands will be logged, not the interaction with the command itself such as vi (you won't see what was typed in vi). Put this in .profile:

export HISTFILE=$HOME/.sh_history

The user commands will be in the .sh_history file. Now the above line assumes several things: the standard shell /usr/bin/sh, and the user actually logs in using something like telnet or rlogin. For non-standard shells like csh, a single command such as remsh, or non-standard connections such as CDE, there are diferent or additional steps.

Now to log everything including interaction with other programs, you can use the script command.


Bill Hassell, sysadmin
0 Kudos
Reply
Henry Chua
Super Advisor

‎09-18-2005 01:49 PM

‎09-18-2005 01:49 PM

Re: Maintaining log for command being type on workstation

Hi Bill,

Thanks for the reply. Will this data be flushed whenever i logged off? Is there a way to prevent this. And is there a way to include a time stamp on when each command have been executed?

Regards
Henry
0 Kudos
Reply
Devender Khatana
Honored Contributor

‎09-18-2005 02:04 PM

‎09-18-2005 02:04 PM

Re: Maintaining log for command being type on workstation

Hi,

The data in history file will not be removed when logging off.

Putting a time stamp for each file is not possible with this.

Script command can also be used to achive this for a particular session. script also has -a option to append to previous file.

HTH,
Devender
Impossible itself mentions "I m possible"
0 Kudos
Reply
morganelan
Trusted Contributor

‎09-18-2005 02:14 PM

‎09-18-2005 02:14 PM

Re: Maintaining log for command being type on workstation

You must set two shell variables HISTFILE and HISTSIZE to maintain history of your commands that have been executed on your HPUX Machine.
The history file specified by HISTFILE contains the latest commands you executed at your terminal. Every time you type a command at the prompt and press Return it is stored in this history file. HISTSIZE specifies the maximum number of commands stored in that file. For example:

HISTFILE=/users/test/.history
HISTSIZE=100

If you do not set these two variables in your .profile, the shell defaults to a file named .sh_history of 128 lines.

The history mechanism keeps continuous record of the most recent commands you have executed, even if you log out and back into the system many times or execute the commands in a subshell.
Kamal Mirdad
0 Kudos
Reply
Vibhor Kumar Agarwal
Esteemed Contributor

‎09-18-2005 05:11 PM

‎09-18-2005 05:11 PM

Re: Maintaining log for command being type on workstation

I'll say go by the "script" option.

Becasue with history, if you exceed the size, the older commands will be overwritten.

Further script will give you more detail output.
Vibhor Kumar Agarwal
0 Kudos
Reply
Joseph Loo
Honored Contributor

‎09-18-2005 05:36 PM

‎09-18-2005 05:36 PM

Re: Maintaining log for command being type on workstation

hi,

do for:

each users:
# vi ~/.profile
insert -->
export HISTSIZE=1000
export HISTFILE=/.sh_history

the thing with .sh_history in each user profile is that they may amend that file as well.

if it is for auditing purpose, convert to trusted and turn auditing on.

regards.
what you do not see does not mean you should not believe
0 Kudos
Reply
Arunvijai_4
Honored Contributor

‎09-18-2005 05:43 PM

‎09-18-2005 05:43 PM

Re: Maintaining log for command being type on workstation

Hi Henry,

A similar thread you might want to look at it,

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=957735

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎09-18-2005 06:20 PM

‎09-18-2005 06:20 PM

Re: Maintaining log for command being type on workstation

Setup history enablement in your shell if you want to log command being typed as,

--- /etc/profile ---

set -o vi
export HISTFILE=/tmp/history_${LOGNAME}_$(date +'%d-%m-%y')
export HISTSIZE=2000

You can change HISTFILE setting.

hth.
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Edgar_8
Regular Advisor

‎09-19-2005 09:15 PM

‎09-19-2005 09:15 PM

Re: Maintaining log for command being type on workstation

Hi Henry,

I would suggest the following change to the .profile file:

TTY=$(tty)
TTYBASE=$(basename $TTY)
stty erase ^?
export HISTFILE=/.sh_history/$TTYBASE

This will create a new history file based on terminal.

hth
0 Kudos
Reply
Raj D.
Honored Contributor

‎09-19-2005 10:06 PM

‎09-19-2005 10:06 PM

Re: Maintaining log for command being type on workstation

Hi Henry ,

You need to add script in .profile script.

You can log all the session commands including session output with following:

1. In each user .profile , add the script command , So it will generate all the details of their session , with the file name.

Remember it will need additional space.
Line to add:


script $HOME/log/`whoami`.`date +%d%m%y"."%T`

So the file will have complete log of the user at that session , and close the log when he/she will logoff.. For details see: # man script.

Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
Raj D.
Honored Contributor

‎09-19-2005 10:10 PM

‎09-19-2005 10:10 PM

Re: Maintaining log for command being type on workstation

Henry ,

Little correction :

Check this out :

$ mkdir $HOME/log
$ script "$HOME/log/`whoami`.`date +%d%m%y"."%T"


Dont cat the output file .., you can check from another session.

Enjoy,
Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎09-19-2005 10:38 PM

‎09-19-2005 10:38 PM

Re: Maintaining log for command being type on workstation

If you are going to try with script command then be aware disk usage. It will use more disk space that it gathers all typed command and results also.

It is better to keep history level itself when you are bothering about disk space also.

hth.
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Marlou Everson
Trusted Contributor

‎09-20-2005 07:34 AM

‎09-20-2005 07:34 AM

Re: Maintaining log for command being type on workstation

Henry,

You may want to look at this thread (Is there a way to timestamp commnd history) for including a timestamp with the command.

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=896650


Marlou
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.