Bash history time-stamping is not something new but it is not enabled as default in most Linux distro and hence not much people really know about it. I found this is really useful especially when you want to trace back user activities on server. So, it really worth a minute to turn it on.
To turn it on, you can either add the below parameter to systems' bashrc (i.e. /etc/bashrc in CentOS/Fedora/RHEL, /etc/bash.bashrc in Ubuntu/Debian) or your own bashrc (~/.bashrc)
export HISTTIMEFORMAT="%d.%m.%y %T "
Once you added above parameter to bashrc, logout and login and issues some command and then check back the history, you will see the timestamp is added.
# history
...
127 21.05.11 22:10:56 uptime
128 21.05.11 22:11:12 su - admin
129 21.05.11 22:11:15 exit
130 21.05.11 22:12:19 su - admin
132 21.05.11 22:12:33 exit
133 21.05.11 22:13:56 ps auxww
134 21.05.11 22:15:43 pwd
135 21.05.11 22:17:56 ls
136 21.05.11 22:20:56 sudo su -
137 21.05.11 22:23:56 exit
...
So, the magic here is the option HISTTIMEFORMAT. This option making use of strftime format. so%d %m %y %T means
%d - Day
%m - Month
%y - Year
%T - Time
To know more, one can always type "help history", "man bash" and "man strftime".
沒有留言:
張貼留言