审计:记录用户执行命令,并上传到日志服务器上

一、编辑 /etc/profile（注意：只有登录 shell 会读取 /etc/profile，非登录的交互式 shell 以及 zsh/fish 等非 bash 的 shell 不会执行这段配置，这类会话不会被记录）

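# ---- /etc/profile: per-session bash command trail ----
# Each interactive bash login gets its own history file under HISTDIR, named
# <user>.<source-ip>.history.<timestamp>; PROMPT_COMMAND appends the last
# history entry after every prompt so rsyslog (imfile) can ship it.
#
# NOTE(review): this is a convenience trail, not a tamper-proof audit log.
# The logged-in user owns the shell and can `unset PROMPT_COMMAND`,
# `set +o history`, export HISTCONTROL/HISTFILE or start a non-bash shell;
# pair it with auditd execve logging or session recording for real assurance.
# Keep this POSIX (no [[ ]], arrays, etc.): /etc/profile is also read by
# sh/dash/ksh login shells.

# Remote address of the login session from utmp. Empty for local or non-tty
# sessions (`who am i` fails without a tty, hence the discarded stderr); on a
# local console the last field may be something other than a host, which
# the -z check below does not catch — confirm on the target system.
USER_IP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')
HISTDIR=/usr/share/.history
if [ -z "$USER_IP" ]; then
  USER_IP=$(hostname)
fi
# NOTE(review): HISTDIR should be created once by root at provisioning time;
# creating it lazily here means the first user to log in owns it. The sticky
# bit (1777 rather than 777) at least stops users from deleting or renaming
# each other's history files in the shared directory.
if [ ! -d "$HISTDIR" ]; then
  mkdir -p "$HISTDIR"
  chmod 1777 "$HISTDIR"
fi
export HISTSIZE=9999
DT=$(date +%Y%m%d_%H%M%S)
# This path must match the File= glob of the rsyslog imfile input that ships
# the files, otherwise nothing is ever forwarded.
export HISTFILE="$HISTDIR/${LOGNAME:-$USER}.${USER_IP}.history.$DT"
# Who really typed the command: SUDO_USER under sudo, otherwise the last uid
# transition `pstree -u` shows before this shell (covers `su`). Requires
# psmisc; errors are discarded so a missing pstree simply falls back to
# $USER below. The sed expression (backslashes restored: \( \) \1) assumes
# transitions are printed as name(user), e.g.
# sshd(alice)---bash---su(root)---bash — confirm on the target pstree version.
original_user=${SUDO_USER:-$(pstree -Alsu "$$" 2>/dev/null | sed -n "s/.*(\([^)]*\)).*(\($USER\))[^(]*$/\1/p")}
# Each history line is prefixed: |normal|<date time>|<real user>|<shell pid>|
export HISTTIMEFORMAT="|normal|%F %T|${original_user:-$USER}|$$|"
# Make this user's earlier session files readable by the rsyslog reader
# (they are created by the >> redirect below, so they follow the umask).
# Fixes the original's `%HISTDIR` / `histroy` typos, which made this a no-op.
chmod 644 "$HISTDIR/${LOGNAME:-$USER}".*.history* 2>/dev/null
# Append the most recent history entry after every prompt.
export PROMPT_COMMAND='builtin history 1 >> "$HISTFILE"'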

二、编辑/etc/rsyslog.d/bash_log.conf

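# Ship the per-session bash history files written by /etc/profile.
module(load="imfile" PollingInterval="1")

# File= must match HISTDIR in /etc/profile (/usr/share/.history); the original
# pointed at /var/log/.bash_history, so no file was ever picked up.
# Wildcards in File= need imfile's inotify mode (the default on rsyslog 8);
# PollingInterval only applies in polling mode. The rsyslog user (root on most
# distros, `syslog` on Ubuntu) must be able to traverse HISTDIR and read the
# 0644 files. deleteStateOnFileDelete="on" drops the read position when a user
# removes their own file, so deletion is not detected — one more reason this
# trail is not tamper-proof.
input(type="imfile" File="/usr/share/.history/*history*"
      Tag="bash-log"
      Facility="local7"
      Severity="debug"
      deleteStateOnFileDelete="on"
      )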

三、编辑/etc/rsyslog.d/logserver.conf

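# Forward to the central log server. @@ = TCP; the original single-@ UDP
# form drops events silently and is trivially spoofed, which is unacceptable
# for an audit trail (the server must then listen on TCP 514). For real
# assurance use omfwd with TLS (StreamDriver="gtls", StreamDriverMode="1",
# StreamDriverAuthMode="x509/name") and an on-disk action queue so a server
# outage does not lose lines. 192.0.2.10 is an RFC 5737 documentation
# placeholder — the original's 1.1.1.1 is a live public resolver and would
# leak every local log line to a third party if pasted as-is. Use local7.*
# instead of *.* to forward only the bash trail.
*.*  @@192.0.2.10:514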

  

原文地址:https://www.cnblogs.com/ywxbbbbb/p/10169907.html