Linux History command with timestamp
March 17, 2009 – 10:11 by Tom Van den BergHistory is a common command for shell to list out all the executed commands. It is very useful when it comes to investigation on what commands was executed that tear down the server or to find that one command you used in the past.
If the command line history could provides the date time of the commands being executed, that may really narrow down the scope of the user actions that cause the server malfunction. By default, history do not append with timestamp, but it is easy to configure it to display timestamp, you just need to set one environment variable HISTTIMEFORMAT.
HISTTIMEFORMAT takes format string of strftime. Check out the strftime manual to choose and construct the timestamp that suit your taste. My favorite is “%F %T “.
export HISTTIMEFORMAT="%F %T "
Execute history again and you will see the effect on the spot, bare in mind that the timestamp for command lines that executed at previous sessions may not valid, as the time was not tracked.
... 994 2008-10-16 02:27:40 exit 995 2008-10-16 01:12:20 iptables -nL 996 2008-10-16 01:47:46 vi .bash_profile 997 2008-10-16 01:47:55 history 998 2008-10-16 01:48:03 . .bash_profile 999 2008-10-16 01:48:04 history 1000 2008-10-16 01:48:09 exit 1001 2008-10-16 02:27:43 history ...
I would suggest you to put the export into ~/.bash_profile as well as /root/.bash_profile. In case you do not have .bash_profile, you can choose to put into ~/.bashrc.
Don’t mess up my servers! Your actions will be track!
Resource: Click here
One Response to “Linux History command with timestamp”
Dear Sir,
It is really helpful for me. Thanks a lot.
cheers,
Quencey.
By Quencey on Jun 22, 2010