3 Answers
- Newest
- Most votes
- Most comments
1
Yes, you can use any tool to collect the logs like Bash history, Auditd (an open source tool that can be used to track system activity and logs all executed commands), Snoopy (an open source tool that logs all the executed commands), Syslog, etc.
answered a year ago
1
It is not clear if such a tool exists, but the following configuration in "~/.bash_profile" can be used to keep logs.
# keep everything in the log.
P_PROC=`ps aux | grep $PPID | grep sshd | awk ‘{ print $11 }’`
if [ “$P_PROC” = sshd: ]; then
script ~/log/`date +%Y%m%d-%H%M%S.log`
exit
fi
After log output, it is also possible to output to CloudWatch Logs if CloudWatch Agent is installed.
1
You can use the cloudwatch agent installed on the EC2 to stream configured log files to cloudwatch logs. You will need to install CW agent and configure which log files you wish to stream to cloudwatch
Relevant content
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Thank you for the reply so, you mean to say the above script will give data on which user has executed what commands
Yes. If you want to set up a user-specific profile for all users, you can do so by setting the profile in "/etc/profile".