8

What's the best method of logging a BASH shell session to a file on the host machine?

The preferred output format would be equivalent to PuTTY's "printable output" log setting, as viewed by the user, inclusive of input and exclusive of ncurses control character data.

Andy

7 Answers

4

It might be worth looking at shell or system auditing programs like rootsh or sudosh.

gharper
  • rootsh turns out to be nearest to what I want, thanks. – Andy Jun 19 '09 at 10:29
  • 1
    You can also take in consideration acct/psacct (BSD accounting) or snoopy. They do not log the output, but they are also less verbose. See: http://www.cyberciti.biz/tips/howto-log-user-activity-using-process-accounting.html and https://sourceforge.net/projects/snoopylogger/ – Mircea Vutcovici Mar 23 '10 at 17:28
  • The `rootsh` app is now deprecated and `sudosh` seems unmaintained. We implemented a paper-thin wrapper around `sudo` to allow `sudo` to be used as a login shell for the purpose of session logging. See here: https://github.com/cloudposse/sudosh – Erik Osterman Mar 14 '17 at 04:13
2

You could start gnu screen and use the log feature. I don't know of anything that is going to give you a really good log for ncurses applications like top.

man screen

log [on|off]

Start/stop writing output of the current window to a file "screenlog.n"
in the window's default directory, where n is the number of the current
window. This filename can be changed with the `logfile' command. ...

logfile filename
logfile flush secs

Defines the name the log files will get. The default is "screenlog.%n".
The  second  form changes the number of seconds screen will wait before
flushing the logfile buffer to the file-system. The default value is 10
seconds.
Zoredache
  • The output of screen is equivalent to script - ncurses handling appears unsupported. – Andy Jun 15 '09 at 14:54
2

TTYrec is probably the easiest solution. You can use the original:

http://0xcc.net/ttyrec/index.html.en

Or roll your own:

http://en.wikipedia.org/wiki/Ttyrec

Or, you could get all old school and | all your commands to tee command.timestamp.tee

dr.pooter
1

The script program will take a complete log of your shell session. Dunno if it's equivalent to any PuTTY thing.

womble
  • Thanks, but it's not suitable as I spend time on the shell with top open, which screen records as: [andy@165 ~]$ top ESC[HESC[2JESC(BESC[mtop - 23:34:49 up 19 days, 17:42, 1 user, load average: 0.11, 0.07, 0.01ESC(BESC[mESC[39;49mESC[K – Andy Jun 14 '09 at 22:40
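
Added example, not part of the original thread: a post-processing filter for a `script` typescript or screen log that drops terminal control sequences like the ones quoted in the comment above and replays carriage returns, backspaces and erase-to-end-of-line, leaving printable text. The names `ESCAPES`, `render_line`, `clean` and the `SAMPLE` bytes are constructed for illustration.

```python
import re
import sys

ESCAPES = re.compile(
    r"""
    \x1b\[[\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e]   # CSI: cursor moves, colours, erase
  | \x1b\][^\x07\x1b]*(?:\x07|\x1b\\)           # OSC: e.g. window title, ends in BEL or ST
  | \x1b[\x20-\x2f]*[\x30-\x7e]                 # other escapes, e.g. ESC ( B charset select
    """,
    re.VERBOSE,
)

# Constructed sample modelled on the `top` excerpt quoted in the comment above.
SAMPLE = (
    "[andy@165 ~]$ lss\b\x1b[K -l\r\n"
    "\x1b[H\x1b[2J\x1b(B\x1b[mtop - 23:34:49 up 19 days\x1b(B\x1b[m\x1b[39;49m\x1b[K\r\n"
    "\x1b]0;andy@165:~\x07[andy@165 ~]$ exit\r\n"
)

def render_line(raw: str) -> str:
    """Replay CR, backspace and erase-to-end-of-line; return the text left on the line."""
    cells, col, pos = [], 0, 0
    while pos < len(raw):
        m = ESCAPES.match(raw, pos)
        if m:
            if m.group() in ("\x1b[K", "\x1b[0K"):  # erase from cursor to end of line
                del cells[col:]
            pos = m.end()
            continue
        ch = raw[pos]
        pos += 1
        if ch == "\r":
            col = 0
        elif ch == "\b":
            col = max(0, col - 1)
        elif ch == "\t" or (ch >= " " and ch != "\x7f"):  # keep printable text only
            cells[col:col + 1] = [ch]
            col += 1
    return "".join(cells).rstrip()

def clean(typescript: str) -> str:
    """Strip terminal control data from a whole log, line by line."""
    return "\n".join(render_line(line) for line in typescript.split("\n"))

if __name__ == "__main__":
    # newline="" keeps bare CRs; universal-newline mode would turn them into line breaks.
    with open(sys.argv[1], encoding="utf-8", errors="replace", newline="") as fh:
        sys.stdout.write(clean(fh.read()))
```

The filter does not emulate a screen, so each refresh of a full-screen program such as top still appears in the output as a further run of text lines.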
0

You can try to use http://xgu.ru/wiki/LiLaLo. It is made in Russia, so the documentation is also in Russian, but Google Translate will help you. Here is an example of the output: [image]
(source: xgu.ru)

Glorfindel
TiFFolk
0

I'm not sure exactly what you're trying to achieve here. Is this for training or forensics? If you want something that produces nice readable log files you're probably out of luck. If you're looking at being able to playback sessions, ttyrec is what you're after. You can run it as part of a login script to capture a user's session, but make sure you use 'trap' to stop a user from exiting ttyrec and getting back to a shell.

goo
  • Personal auditing and plain text logging; playback of sessions is not required. – Andy Jun 15 '09 at 14:02
  • 2
    script is the nearest thing to what you want, although as stated it can't deal with ncurses nicely. We use script for logging all sessions and just try to see past the mess that ncurses will make. – goo Jun 15 '09 at 15:40
  • Thanks Geoff, looks like I might be stuck with script then. – Andy Jun 15 '09 at 16:22
0

All entered commands are written to the .bash_history file, normally in your home directory. You can set the count of lines that are stored via the HISTFILESIZE setting.

There are no timestamps and output, however.

If this is really needed, I'd make a wrapper around bash, copying stdin and stdout to a file and work through that.

slovon