前言
如何格式化 history 记录，以便对接自己的日志收集系统？
首先查看下系统默认的history格式
[root@ceph-node-01 ~]# history 10
119 iostat -d 2
120 iostat -dx 2
121 clear
122 exit
123 hostnamectl set-hostname ceph-node-01
124 bash
125 exit
126 ll
127 history -10
128 history 10
自定义history格式
创建json格式的history
编写用户登录初始化文件
[root@ceph-master ~]# tail -15 /etc/bashrc
# vim:ts=4:sw=4
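# Path of the JSON command log. Every interactive shell on the host appends
# to it, so it must exist and be writable by every user (see chmod below).
HISTDIR='/var/log/terminal.json.log'
if [[ ! -e "$HISTDIR" ]]; then
  # Only root can create a file under /var/log; for other users touch fails
  # and the chmod is skipped, leaving the file for root's next login.
  # 622 rather than 666: ">>" opens the file write-only, so append still
  # works for everyone, but users can no longer read each other's command
  # lines (which may carry passwords or tokens typed on the command line).
  # NOTE(review): the file still accepts appends from any local user, so
  # records can be forged; `chattr +a` would at least prevent truncation.
  touch "$HISTDIR" && chmod 622 "$HISTDIR"
fi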
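# Prefix every "history" line with a JSON object that ends in "CMD":" so that
# jsonlog() only has to append the command text and the closing quote/brace.
# Login source (LI) and login user (LU) are resolved once, at shell start-up,
# from utmp; HOSTNAME and USER are substituted now as well, so only the
# %-codes are expanded per entry by strftime(3).
# LI is taken only when "who -u" ends in a parenthesised host: for a local
# console login the last field is the PID, which must not be logged as an IP.
# %z records the shell's real UTC offset instead of a hard-coded "+0800".
_jsonlog_li=$(who -u am i 2>/dev/null | awk '$NF ~ /^\(.*\)$/ { gsub(/[()]/, "", $NF); print $NF }')
_jsonlog_lu=$(who am i 2>/dev/null | awk '{print $1}')
export HISTTIMEFORMAT="{\"TIME\":\"%d/%m/%Y:%H:%M:%S %z\",\"HOSTNAME\":\"${HOSTNAME}\",\"LI\":\"${_jsonlog_li}\",\"LU\":\"${_jsonlog_lu}\",\"NU\":\"${USER}\",\"CMD\":\""
unset _jsonlog_li _jsonlog_lu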
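#######################################
# Append the most recent history entry to the JSON command log.
# Relies on HISTTIMEFORMAT (set above) prefixing each history line with a
# JSON object ending in "CMD":"; this function supplies the escaped command
# text, the closing quote and the closing brace.
# Globals:   HISTDIR (read) - log path, defaults to /var/log/terminal.json.log
#            _JSONLOG_LAST (written) - number of the last history entry logged
# Outputs:   one JSON object per line appended to the log
# Returns:   0 always, so a logging problem never disturbs the prompt
#######################################
jsonlog() {
  local entry num rest prefix cmd
  # Re-enable history in case the user switched it off. This is not a
  # tamper-proof audit: the user can still unset PROMPT_COMMAND or
  # HISTTIMEFORMAT in their own shell.
  set -o history
  entry=$(history 1) || return 0
  # "history 1" prints: <blanks><number><' ' or '*'><' '><timestamp><line>
  entry=${entry#"${entry%%[![:space:]]*}"}   # drop leading blanks
  num=${entry%%[^0-9]*}
  [[ -n "$num" ]] || return 0                 # empty history list
  # PROMPT_COMMAND runs on every prompt, including an empty Enter, so the
  # same entry would otherwise be written again and again (the duplicated
  # records seen in the original log). Write each history number once.
  [[ "$num" != "${_JSONLOG_LAST:-}" ]] || return 0
  _JSONLOG_LAST=$num
  rest=${entry#"$num"}
  rest=${rest:2}                              # modified-flag column + space
  # Split the HISTTIMEFORMAT prefix from the raw command text.
  prefix=${rest%%\"CMD\":\"*}
  if [[ "$prefix" == "$rest" ]]; then
    # No JSON prefix present (HISTTIMEFORMAT not set as expected): keep the
    # command as a minimal object rather than silently dropping the entry.
    prefix='{'
    cmd=$rest
  else
    cmd=${rest#"$prefix"\"CMD\":\"}
  fi
  # JSON-escape the command: it is user-typed text, so an unescaped quote,
  # backslash or embedded {"TIME" would break the record or forge a new one.
  # Remaining control characters (e.g. terminal escape sequences) are dropped.
  cmd=${cmd//\\/\\\\}
  cmd=${cmd//\"/\\\"}
  cmd=${cmd//$'\n'/\\n}
  cmd=${cmd//$'\t'/\\t}
  cmd=${cmd//$'\r'/\\r}
  cmd=${cmd//[[:cntrl:]]/}
  printf '%s"CMD":"%s"}\n' "$prefix" "$cmd" >> "${HISTDIR:-/var/log/terminal.json.log}"
  return 0
}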
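# Earlier inline variants, superseded by jsonlog(); kept for reference only.
#export PROMPT_COMMAND="history 1 | sed 's/^[ ]\+[0-9]\+ //' | sed -n -e '1h;1!H;$g;s/\n/ /g;s/{.TIME/\n&/g;$p' | sed '/^$/d' >> /var/log/command.log "
#export PROMPT_COMMAND='history 1 | sed "s/^[ ]\+[0-9]\+ //"|sed -n "1h;1!H;$g;s/\n/\\/g;s/{\"TIME/\n{\"TIME/g;$p" | sed "/^$/d;s/$/\"}/g" >> /var/log/command.log'
# Hook jsonlog into the prompt without discarding a PROMPT_COMMAND another
# start-up file already set, and without adding it twice when this file is
# sourced more than once by the same shell.
case ";${PROMPT_COMMAND:-};" in
  *";jsonlog;"*) ;;
  *) PROMPT_COMMAND="jsonlog${PROMPT_COMMAND:+;$PROMPT_COMMAND}" ;;
esac
export PROMPT_COMMAND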
查看效果
[root@ceph-master ~]# history 10
425 {"TIME":"2020-08-06 17:59:44","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"ll
426 {"TIME":"2020-08-06 17:59:48","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"cat test.log
427 {"TIME":"2020-08-06 17:59:52","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"ll
428 {"TIME":"2020-08-06 17:59:56","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"cat /etc/bashrc
429 {"TIME":"2020-08-06 18:01:01","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"tail -15 /etc/bashrc
430 {"TIME":"2020-08-06 18:01:53","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"hsitory
431 {"TIME":"2020-08-06 18:01:55","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"history
432 {"TIME":"2020-08-06 18:02:42","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"tail /var/log/command.log
433 {"TIME":"2020-08-06 18:02:51","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"history -10
434 {"TIME":"2020-08-06 18:02:55","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"history 10
查看文件存储效果
[root@ceph-master ~]# tail /var/log/command.log
{"TIME":"2020-08-06 17:59:41","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"cat test"}
{"TIME":"2020-08-06 17:59:44","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"ll"}
{"TIME":"2020-08-06 17:59:48","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"cat test.log "}
{"TIME":"2020-08-06 17:59:48","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"cat test.log "}
{"TIME":"2020-08-06 17:59:52","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"ll"}
{"TIME":"2020-08-06 17:59:52","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"ll"}
{"TIME":"2020-08-06 17:59:56","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"cat /etc/bashrc "}
{"TIME":"2020-08-06 18:01:01","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"tail -15 /etc/bashrc "}
{"TIME":"2020-08-06 18:01:53","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"hsitory"}
{"TIME":"2020-08-06 18:01:55","HOSTNAME":"ceph-master","LI":"192.168.1.205","LU":"root","NU":"root","CMD":"history"}
到这里有个想法,使用ELK收集所有终端操作