3 個答案
- 最新
- 最多得票
- 最多評論
1
Yes, you can use any tool to collect the logs like Bash history, Auditd (an open source tool that can be used to track system activity and logs all executed commands), Snoopy (an open source tool that logs all the executed commands), Syslog, etc.
已回答 1 年前
1
It is not clear if such a tool exists, but the following configuration in "~/.bash_profile" can be used to keep logs.
# keep everything in the log.
P_PROC=`ps aux | grep $PPID | grep sshd | awk ‘{ print $11 }’`
if [ “$P_PROC” = sshd: ]; then
script ~/log/`date +%Y%m%d-%H%M%S.log`
exit
fi
After log output, it is also possible to output to CloudWatch Logs if CloudWatch Agent is installed.
1
You can use the cloudwatch agent installed on the EC2 to stream configured log files to cloudwatch logs. You will need to install CW agent and configure which log files you wish to stream to cloudwatch
相關內容
- 已提問 6 個月前
- 已提問 6 個月前
Thank you for the reply so, you mean to say the above script will give data on which user has executed what commands
Yes. If you want to set up a user-specific profile for all users, you can do so by setting the profile in "/etc/profile".