I just found this....I tested it out and it works for me. So now I just gonna add this as a monitored file and forward the file to my central syslog server.
http://linuxmycommand.blogspot.ca/2012/06/how-to-log-all-bash-commands-by-all.html -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Philippe Muller Sent: Monday, April 08, 2013 11:15 AM To: rsyslog-users Subject: Re: [rsyslog] root .bash_history it should be built with SYSLOG_HISTORY defined. I guess you can do it with "make -DSYSLOG_HISTORY=1". Philippe Muller On Mon, Apr 8, 2013 at 8:02 PM, Josh Bitto <[email protected]> wrote: > I did some searching with google and can't find any adequate > information on it. Do you happen to know where I should be looking? > I'm using centos > 6.4 w/ bash 4.1 > > > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Champ Clark III > Sent: Monday, April 08, 2013 10:37 AM > To: [email protected] > Subject: Re: [rsyslog] root .bash_history > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Bash has a built in "history to syslog" patch. I think it's standard now. > That'd be a better way to archive the commands. > > > On 04/08/2013 01:16 PM, Josh Bitto wrote: > > I'm wanting to get an opinion. Would it be a smart play to monitor > > /root/.bash_history and log the > file to a remote server? > > > > Joshua Bitto > > Information Technologist > > KCC > > > > > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST > if you DON'T LIKE THAT. > > > - -- > - - Quadrant Information Security > Champ Clark III > o: 800.538.9357 x 101 > c: 850.443.2440 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQEcBAEBAgAGBQJRYwA0AAoJENnmXt7Lmc3K3k8H/Re3NndMauH64QlUvhU2tMuy > tYrdSFLdzKpnWcLDyWLivcKxX5hhSdYk6IplAWHU5HaTbu22pzeN6eICgd6sv7EM > UXBujutxEMPsoLdTQxCA6SF94cikvgXzSfj+An7lWVjVjhhfk2x1JNd/detZYO5x > 8OAsa+gZtqTic2YSL1yiFOL+ZUO97nKHGCANKe1MDfAaz0FOQsmgw+59lzvY2j/D > T/rURyvFQHZ2eQ/A3Hb9wq5KWFisdkZq6r8ebMFY1Aucy+7yogR/4Gx/tkKv8lMM > 37E9ujs2CaxjXk4b4S3eMom+CGi3I7ZQu6VcxEuweuGM24quj+1l0bgikmR0+xY= > =y/IH > -----END PGP SIGNATURE----- > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: > This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites > beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
