how to collect command logs performed on ec2 ubuntu instance


My question is how can i collect logs of commands written or changes made by that particular user in the ubuntu instance after i ssh into it. so can it be displayed on any dashboard (if yes, suggest how can i perform it and what tools might support the above scenario)

2 Answers

Enable Bash command auditing:

  • Edit the /etc/bash.bashrc file and add the following lines
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'

This will log all executed commands to syslog under the local6 facility.

file = /var/log/syslog
log_group_name = YOUR_LOG_GROUP_NAME
log_stream_name = {instance_id}
datetime_format = %b %d %H:%M:%S
  • Create a dashboard in CloudWatch
profile picture
answered a year ago

Take a look at Sessions Manager and session logging.

profile pictureAWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions