1、把以下内容放至/etc/profile结尾(部分系统如CentOS 5.5可能需要放至/etc/bashrc结尾)HISTFILESIZE=2000
HISTSIZE=2000
export HISTTIMEFORMAT="%Y%m%d-%H%M%S:"
export PROMPT_COMMAND='{ command=$(history 1 | { read x y; echo $y; } | cut -d ":" -f2-);
logger -p local1.notice -t bash "$command(user=$USER,ppid=$PPID,from=$SSH_CLIENT,pwd=$PWD)"; }'
readonly PROMPT_COMMAND
注:readonly PROMPT_COMMAND防止恶意普通用户登陆后,清空变量,导致无法正常记录日志。
2、日志输出到单个文件
在/etc/rsyslog.conf中添加local1.notice /var/log/local1
3、配置logrotate
vim /etc/logrotate.d/local1/var/log/local1 {
missingok
notifempty
size 1M
yearly
create 0600 root root
}