bash log传到日志服务器

记录bash_log

- 编辑/etc/profile

USER_IP=`who -u am i 2>/dev/null|awk '{print $NF}'|sed -e 's/[()]//g'`

ORIGIN_USER=`who -u am i 2>/dev/null|awk '{print $1}'|sed -e 's/[()]//g'`

HISTDIR=/var/log/.bash_history

if [ -z $USER_IP ]

        then

                        USER_IP=`hostname`

fi

if [ ! -d $HISTDIR ]

        then

                        mkdir -p $HISTDIR

                        chmod 777 $HISTDIR

fi

export HISTSIZE=9999

DT=`date +%Y%m%d`

export HISTFILE="$HISTDIR/history.$DT"

export HISTTIMEFORMAT="|normal|%F %T|$USER_IP|$ORIGIN_USER:$LOGNAME|$$|"

chmod 644 %HISTDIR/histroy*  2>/dev/null

export PROMPT_COMMAND='builtin history 1 >> $HISTFILE'

 

编辑 /etc/rsyslog.d/bash_log.conf

module(load="imfile" PollingInterval="1")

input(type="imfile" File="/var/log/.bash_history/*history*"

                Tag="bash-log"

                Facility="local7"

                Severity="debug"

                deleteStateOnFileDelete="on"

                )

 

编辑/etc/rsyslog.d/logserver.conf

*.*  @192.168.0.15

 

cenots7要升级rsyslog

cd /etc/yum.repos.d/
wget http://rpms.adiscon.com/v8-stable/rsyslog.repo
yum install rsyslog