1. rsyslog server端
vim /etc/rsyslog.d/server.conf
添加
$ModLoad imtcp $InputTCPServerRun 514
vim /etc/rsyslog.conf
添加
local4.* /var/log/history.log
2. rsyslog client端
vim /etc/rsyslog.d/client.conf
添加
local4.* @@server端ip:514 # (/var/log/history.log) 储存在本地
vim /etc/profile
IP=$(who am i | awk -F '(' '{print $2}'|tr -d ')') export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger -p local4.info ["IP="'"$IP"'"" - "USER="'"$USER"'"" - "PWD="'"$PWD"'""]: "$msg"; }'
添加
3. 重启服务
systemctl restart rsyslog source /etc/profile
4. logrotate
vim /etc/logrotate.d/rsyslog
加入一条
/var/log/bash_history.log