Live Chat!

List command line history with timestamp

* * * ½   3 votos

October 16th, 2008 mysurface Posted in Common, history, last | Hits: 84434 |

History is a common command for shell to list out all the executed commands. It is very useful when it comes to investigation on what commands was executed that tear down the server. With the help of last command, you be able to track the login time of particular user as well as the the duration of the time he/she stays login.

last
...
mysurface    tty7         :0               Mon Oct  6 20:07 - down   (00:00)
reboot   system boot  2.6.24.4-64.fc8  Mon Oct  6 20:06          (00:00)
mysurface    pts/8        10.168.28.44     Mon Oct  6 17:42 - down   (01:58)
mysurface    pts/7        :0.0             Mon Oct  6 17:41 - 19:40  (01:59)
mysurface    pts/6        :0.0             Mon Oct  6 17:27 - 19:40  (02:13)
mysurface    pts/5        :0.0             Mon Oct  6 17:27 - 19:40  (02:13)
mysurface    pts/5        :0.0             Mon Oct  6 15:52 - 15:59  (00:07)
...

If the command line history could provides the date time of the commands being executed, that may really narrow down the scope of the user actions that cause the server malfunction. By default, history do not append with timestamp, but it is easy to configure it to display timestamp, you just need to set one environment variable HISTTIMEFORMAT.

HISTTIMEFORMAT takes format string of strftime. Check out the strftime manual to choose and construct the timestamp that suit your taste. My favorite is “%F %T “.

export HISTTIMEFORMAT="%F %T "

Execute history again and you will see the effect on the spot, bare in mind that the timestamp for command lines that executed at previous sessions may not valid, as the time was not tracked.

...
  994  2008-10-16 02:27:40 exit
  995  2008-10-16 01:12:20 iptables -nL
  996  2008-10-16 01:47:46 vi .bash_profile
  997  2008-10-16 01:47:55 history
  998  2008-10-16 01:48:03 . .bash_profile
  999  2008-10-16 01:48:04 history
 1000  2008-10-16 01:48:09 exit
 1001  2008-10-16 02:27:43 history
...

I would suggest you to put the export into ~/.bash_profile as well as /root/.bash_profile. In case you do not have .bash_profile, you can choose to put into ~/.bashrc.

Don’t mess up my servers! Your actions will be track!

Related Posts
Retrieve Back Command Been Enter
Everytime you enter a command in shell. It will be store it a file for later use, so you can retrieve back the command ...

what is your 10 common linux commands?
Dear command line ninjas, Mr CLI and keyboard pianist: What is your regular command you use? I am sure you must think...

sometimes, grep alone is enough to do the task
One thing that makes UNIXes command line so powerful is because of pipelines. Pipelines is a set of processes chained by...

6 Responses to “List command line history with timestamp”

  1. Alex Says:
    October 21st, 2008 at 1:31 pm

    hope this may help..

    :)

  2. auravisya Says:
    November 4th, 2008 at 1:50 pm

    Nice and clean website. Lots of useful articles too.

    Thanks for the tips.

  3. Rahul Says:
    January 19th, 2009 at 11:35 am

    This is a very useful information.Thanks a lot

  4. shantylal Says:
    March 13th, 2009 at 9:32 pm

    Thanks,
    Very usefull tip. Keep them cuming(oops, :) I mean coming)… lol

  5. Uwe Brauer Says:
    March 13th, 2009 at 9:34 pm

    Thanks, but I am using tcsh shell. I googled around
    and there seems to be no easy way in the tcsh shell.

    Somebody has an idea?

    Uwe Brauer

  6. Jacob Says:
    June 29th, 2009 at 12:30 pm

    Yes it help me lot, certification.

Leave a Reply

Security Code: