On Tuesday, September 11, 2018 12:52:03 PM CEST Stefan G. Weichinger wrote: > At a customer we were asked to log/protocol all my administrative > activity for potential audits etc > > My admin-work is basically 98% ssh and maybe some additional tasks done > via virt-manager (logging the work inside the VMs there is another topic > ... I realize that right now). > > Is there a recommended way to track the logs? Specific setup for > syslog-ng or in my case journald? > > Maybe I should setup remote syslog here?
All, This piqued my interest and decided to google a little bit. Found the following, which might help: https://askubuntu.com/questions/93566/how-to-log-all-bash-commands-by-all-users-on-a-server Same method is described in: https://serverfault.com/questions/323270/how-can-i-make-bash-to-log-shell-commands-to-syslog This will help if all you do is working within bash. If you switch to a different shell or run scripts, the logging obviously fails. Another method might be: https://www.linuxjournal.com/article/6144 This is an older document, but might still be made to work as it uses "process accounting" which is still in the kernel afaik. -- Joost
