rsyslog

50-default.conf

# vim /etc/rsyslog.d/50-default.conf
# Route informational traffic to /var/log/messages. logger(1) with no -p
# (as used by the PROMPT_COMMAND hook in /etc/profile) emits user.notice,
# which the "*.=notice" selector below matches.
#   *.=info;*.=notice;*.=warn   only these exact priorities, any facility
#   <facility>.none             exclude auth, authpriv, cron, daemon, mail, news
#   leading "-" on the path     legacy marker for "do not sync after every
#                               write"; unsynced entries can be lost on a crash
# NOTE(review): once shell commands are logged here, this file can contain
# secrets typed on a command line. Confirm its owner/mode (for example the
# $FileCreateMode setting in rsyslog.conf) and who can read forwarded copies.
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages

重启rsyslog

# /etc/init.d/rsyslog restart

history

# vim /etc/profile
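# Annotate bash history and mirror each interactive command to syslog.
#
# The command substitutions below run ONCE, when /etc/profile is sourced,
# because they are expanded inside double quotes at assignment time. The
# login user, the tty/remote-host fields from who(1), and the directory are
# therefore session-start values: the "[/root]" field is NOT the per-command
# working directory. HISTTIMEFORMAT is a strftime(3) format, so only %F and
# %T change from one entry to the next.
export HISTTIMEFORMAT="[%F %T] [$(whoami)] [$(who -u am i | awk '{print $1,$2,$3,$4,$7}')] [$(pwd)] "

# Runs before every prompt: take the newest history entry, drop the leading
# entry number, and hand the rest to logger(1) (default priority user.notice).
#   read -r / printf "%s"  keep backslashes, glob characters and spacing as
#                          typed, so the logged line is not rewritten
#   logger --              a message starting with "-" is not parsed as options
# Pressing Enter on an empty prompt re-logs the previous entry.
# NOTE(review): this is a convenience trail, not a tamper-resistant audit log.
# The user can unset or override PROMPT_COMMAND/HISTTIMEFORMAT, and commands
# run outside an interactive bash prompt are not captured; use auditd execve
# rules or pam_tty_audit where an authoritative record is required. Command
# lines containing passwords or tokens are written to syslog as typed.
export PROMPT_COMMAND='{ msg=$(history 1 | { read -r _ entry; printf "%s" "$entry"; }); logger -- "$msg"; }'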
# source /etc/profile

查看history

# history
1009  [2023-03-03 12:15:34] [root] [root pts/0 2023-03-03 12:13 (192.168.3.3)] [/root] claer
1010 [2023-03-03 12:15:36] [root] [root pts/0 2023-03-03 12:13 (192.168.3.3)] [/root] clear
1011 [2023-03-03 12:15:37] [root] [root pts/0 2023-03-03 12:13 (192.168.3.3)] [/root] history

查看日志

# tail -f /var/log/messages
Mar  3 12:14:11 hardchain rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="16019" x-info="http://www.rsyslog.com"] start
Mar 3 12:14:11 hardchain rsyslogd-2007: action 'action 11' suspended, next retry is Fri Mar 3 12:14:41 2023 [v8.16.0 try http://www.rsyslog.com/e/2007 ]
Mar 3 12:14:11 hardchain rsyslogd: rsyslogd's groupid changed to 108
Mar 3 12:14:11 hardchain rsyslogd: rsyslogd's userid changed to 104
Mar 3 12:14:48 hardchain root: [2023-03-03 12:14:48] [root] [root pts/0 2023-03-03 12:13 (192.168.3.3)] [/root] source /etc/profile
Mar 3 12:15:25 hardchain root: [2023-03-03 12:15:25] [root] [root pts/0 2023-03-03 12:13 (192.168.3.3)] [/root] history
Mar 3 12:15:34 hardchain root: [2023-03-03 12:15:34] [root] [root pts/0 2023-03-03 12:13 (192.168.3.3)] [/root] claer
Mar 3 12:15:36 hardchain root: [2023-03-03 12:15:36] [root] [root pts/0 2023-03-03 12:13 (192.168.3.3)] [/root] clear
Mar 3 12:15:37 hardchain root: [2023-03-03 12:15:37] [root] [root pts/0 2023-03-03 12:13 (192.168.3.3)] [/root] history