Thursday, July 7, 2016

How to log/save all commands in CentOS

One easy way to log/save/record all commands issued by users is to set up logger.

I use rsyslog.

1. Add at the end of /etc/bashrc

export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'

If you also want to log the IP, use this (I know it is not perfect if there are a few of the same users connected from different IPs):


export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(w -i -h| grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" ) : $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'

Output will be like this:

date time server-name user-name: IP address : command
Jul  7 13:36:45 server1 root: 192.168.0.5 : 07/07/16 13:36:38 ls -la [0]


2.  Create new config file at:

/etc/rsyslog.d/bash.conf

and put inside:
local6.*    /var/log/logger.log

3. Restart rsyslog:
systemctl restart rsyslog.service

4. Edit /etc/logrotate.d/syslog

and add, just under

/var/log/secure
/var/log/spooler

the line

/var/log/logger.log

That's all!
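
To review what ends up in /var/log/logger.log, the lines can be split back into fields. The following is an added example, not part of the original post: it parses the IP variant of the format shown above and lists the commands that exited non-zero. The function names and every sample line except the first are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of /var/log/logger.log; only the first line is from the post.
sample_log() {
cat <<'EOF'
Jul  7 13:36:45 server1 root: 192.168.0.5 : 07/07/16 13:36:38 ls -la [0]
Jul  7 13:37:02 server1 alice: 10.0.0.7 : cat /etc/missing.conf [1]
Jul  7 13:37:10 server1 alice: 10.0.0.7 : echo done [1] [0]
Jul  7 13:37:11 server1 cron: unrelated local6 message
EOF
}

# Split each matching line into TAB-separated fields: user, ip, status, command.
# Lines that do not follow the PROMPT_COMMAND format are skipped.
parse_cmdlog() {
  awk '
    # The exit status is the LAST " [N]" on the line; the command itself
    # may contain brackets, so anchor the match to the end of the line.
    match($0, / \[[0-9]+\]$/) {
      status = substr($0, RSTART + 2, RLENGTH - 3)
      line   = substr($0, 1, RSTART - 1)
      user = $5; sub(/:$/, "", user)     # logger tag, e.g. "root:"
      ip   = $6
      if ($7 != ":" || ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
      # Everything after "<ip> : " is the history entry, spacing preserved.
      # It starts with a timestamp when HISTTIMEFORMAT is set.
      pos = index(line, " " ip " : ")
      cmd = substr(line, pos + length(ip) + 4)
      printf "%s\t%s\t%s\t%s\n", user, ip, status, cmd
    }'
}

# Keep only commands that exited non-zero.
failed_commands() {
  parse_cmdlog | awk -F '\t' '$3 != 0'
}

sample_log | failed_commands
```

On a real host, replace `sample_log` with `cat /var/log/logger.log`.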

Monday, July 4, 2016

Graphs show no data (nan) or empty graphs - Observium

Cron is probably not working.

The manual recommends using these:

33 */6 * * *   root    /opt/observium/discovery.php -h all >> /dev/null 2>&1
*/15 * * * *   root    /opt/observium/discovery.php -h new >> /dev/null 2>&1
*/15 * * * *   root    /opt/observium/poller-wrapper.py 2 >> /dev/null 2>&1




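These entries will not work when added using crontab -e, because they include a user field (root), which only system crontab files such as /etc/cron.d/* and /etc/crontab accept.

Create a new file, /etc/cron.d/observium,

and paste them there.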

If it still does not work, try this:

33 */6 * * *   root    cd /opt/observium/ && ./discovery.php -h all >> /dev/null 2>&1
*/15 * * * *   root    cd /opt/observium/ && ./discovery.php -h new >> /dev/null 2>&1
*/15 * * * *   root    cd /opt/observium/ && ./poller.php -h all >> /dev/null 2>&1

If it still does not work, try adding the above cron entries to

/etc/crontab

and restart the cron service.
