{"items": [{"author": "sunshine-x", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3qrsy1", "anchor": "r-c3qrsy1", "service": "r", "text": "Bad idea.\n\n

Properly configuring auditd would work infinitely better.\n", "timestamp": 1329147684}, {"author": "minifig", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3qs0cf", "anchor": "r-c3qs0cf", "service": "r", "text": "→ elaborate please\n", "timestamp": 1329149043}, {"author": "sunshine-x", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3qs9v2", "anchor": "r-c3qs9v2", "service": "r", "text": "→ → auditd can log everything you can imagine, including shell commands, and can be queried using special command line tools. \n\n

it's fantastic, and there's a lot more to it than I could type here. hit google, you won't regret learning about this one.\n", "timestamp": 1329150677}, {"author": "cbr", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3qtm9t", "anchor": "r-c3qtm9t", "service": "r", "text": "→ My goal in logging history is to be able to look back and see what commands I entered when working on something a while ago. Reading about auditd, it sounds like it's not designed for this at all. For example, if I ran:\n\nfor significant_name in a b c d e f g ; do touch $significant_name ; done\n\n\n

I would like to see that in the log exactly as I originally wrote it, and I think all auditd sees is that I ran seven successive 'touch' commands on files a, b, c, d, e, f, and g. For understanding what I was working on, what I was trying to do, and how I did it, that's much less useful.\n", "timestamp": 1329158062}, {"author": "sunshine-x", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3quk3p", "anchor": "r-c3quk3p", "service": "r", "text": "→ → given that use case, you may be on to something.\n", "timestamp": 1329162813}, {"author": "contrivance", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3qru2q", "anchor": "r-c3qru2q", "service": "r", "text": "I handle this problem thusly:\n\n

In my .bashrc:\n\nshopt -s cmdhist\nshopt -s histappend\nexport PROMPT_COMMAND="history -a; history -n"\nexport HISTIGNORE="&:[bf]g:exit:fortune:clear:cl:history:cat *:dict *:which *:rm *:rmdir *:shred *:man *:apropos *:sudo rm *:sudo cat *:mplayer *:source *:. *:gojo *:mutt"\nexport HISTCONTROL=erasedups:ignoreboth\nunset HISTFILESIZE\nexport HISTSIZE=1000000\n\n\n

and in .bash_logout:\n\ncat ~/.bash_history >> ~/.history\nawk '!x[$0]++' ~/.history > ~/.bash_history\ncp ~/.bash_history ~/.history\n\n\n

The .bashrc stuff tells bash to save multi-line commands as a single line, to append to the history file when exiting, tells bash to ignore various commands from history, to keep a HUGE history file, and the PROMPT_COMMAND bit tells bash to update the history file and read anything new from it every time a command completes.\n\n

The .bash_logout copies .bash_history elsewere, runs it through awk to unique it (without having to sort, which removes context), then puts it back in place. \n", "timestamp": 1329147905}, {"author": "cbr", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3qtnbn", "anchor": "r-c3qtnbn", "service": "r", "text": "→ This is good, and I'm going to add several of these, but unless I'm missing something it doesn't log the current directory.\n", "timestamp": 1329158205}, {"author": "contrivance", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3qwlvr", "anchor": "r-c3qwlvr", "service": "r", "text": "→ → it doesn't...it's just a way to keep persistent shell history across multiple logins with the same id.\n\n

(I must admit, I don't understand why you'd care what directory you were in when you ran a given command.)\n", "timestamp": 1329173151}, {"author": "cbr", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3qz3sd", "anchor": "r-c3qz3sd", "service": "r", "text": "→ → → If I'm working on a task I name the directory after it, so the directory field functions partly as a kind of tag. It also helps me get back into the frame of mind I was in when I initially typed the commands, which is good if I later want to go back and figure out why I did something the way I did.\n", "timestamp": 1329187209}, {"author": "hisham_hm", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3qy8pn", "anchor": "r-c3qy8pn", "service": "r", "text": "→ Does anyone know the zsh equivalents to these? \n\n

In particular, it would be great if Ctrl-R searched through the history of past shells.\n", "timestamp": 1329182295}, {"author": "xlerb", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3r0vs9", "anchor": "r-c3r0vs9", "service": "r", "text": "→ → man zshoptions, section "History". It looks like there are a bunch of bells and whistles that can be played with.\n\n

Edit: Or, if you want something more like the article, man zshmisc and look for "precmd". (I haven't actually tried any of this, but I think that's the corresponding command-hook thing.)\n", "timestamp": 1329197526}, {"author": "xlerb", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3r0u7z", "anchor": "r-c3r0u7z", "service": "r", "text": "→ \n

awk '!x[$0]++'\n\n\n

Neat. I know awk pretty well, but that particular bit of golf hadn't occurred to me.\n", "timestamp": 1329197231}, {"author": "tovam", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3r3207", "anchor": "r-c3r3207", "service": "r", "text": "→ → Can someone explain to me how that piece of awk works?\n", "timestamp": 1329221232}, {"author": "clvv", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3rcfkh", "anchor": "r-c3rcfkh", "service": "r", "text": "→ → → It removes duplicate lines without messing up ordering. x is a hash table. x[$0] is the value in the hash table with key $0, which is the string of the entire line. When the line first comes up, x[$0] is not set and x[$0]++ set x[$0] to 1 and returns 0. Negating 0 yields 1, and the line is then printed. But on any subsequent appearance of that line, x[$0] will be greater than 0 and negating it will yield 0, and the line will not get printed.\n", "timestamp": 1329276327}, {"author": "Samus_", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3qsyda", "anchor": "r-c3qsyda", "service": "r", "text": "why do I need those logs?\n", "timestamp": 1329154540}, {"author": "cbr", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3qtnts", "anchor": "r-c3qtnts", "service": "r", "text": "→ Often I find I wish I remembered what commands I ran when working on something weeks or months ago. With this I can use grep to find out.\n", "timestamp": 1329158278}, {"author": "Ivan", "source_link": "https://plus.google.com/101147004225363019038", "anchor": "gp-1329155542484", "service": "gp", "text": "it's also useful to include $USER with each line. that makes it easy to distinguish between commands that you run as yourself and commands that you run as another user in a sub-shell invoked by sudo (e.g. ``sudo -s`` or ``sudo bash -c '{some commands}'``).", "timestamp": 1329155542}, {"author": "Jeff Kaufman", "source_link": "https://plus.google.com/103013777355236494008", "anchor": "gp-1329157135372", "service": "gp", "text": "@Ivan\n At least on my mac, this doesn't work. Testing with \"sudo -s\", commands I run aren't written to ~jeff/.full_history . If I set up history logging for root writing to ~root/.full_history they don't go there either (though they do with \"sudo su -\").", "timestamp": 1329157135}, {"author": "Jeff Kaufman", "source_link": "https://plus.google.com/103013777355236494008", "anchor": "gp-1329157400199", "service": "gp", "text": "@Ivan\n The prompt also doesn't take on root's coloring with \"sudo -s\" so I looked more and found sudo's using a SUDO_PS1 environment variable for that. I tried adding a SUDO_PROMPT_COMMAND out of curiosity, and it doesn't do anything.", "timestamp": 1329157400}, {"author": "Andrew", "source_link": "https://www.facebook.com/jefftk/posts/150551225064080?comment_id=150934611692408", "anchor": "fb-150934611692408", "service": "fb", "text": "The shell logs your commands so that you can search them using built-in commands - in *nix shells, these are typically bound to vi/emacs search keys or with !commands. If you are just logging your commands in a file but the shell doesn't have history/search access to them, you miss out on much of the usefulness/fun.", "timestamp": "1329180775"}, {"author": "Jeff Kaufman", "source_link": "https://www.facebook.com/jefftk/posts/150551225064080?comment_id=150980401687829", "anchor": "fb-150980401687829", "service": "fb", "text": "@Andrew: if you also tell your shell to keep a huge history and flush it to disk after every command you get the best of both worlds: full ~/.bash_history that your shell can search and work with, and ~/.full_history with metadata (timestamp, hostname, directory).

For bash you get huge history and immediate flushing with: http://www.reddit.com/.../you_should_be_logging.../c3qru2q", "timestamp": "1329185847"}, {"author": "Andrew", "source_link": "https://www.facebook.com/jefftk/posts/150551225064080?comment_id=151051235014079", "anchor": "fb-151051235014079", "service": "fb", "text": "Jeff, that's interesting. Back when I first saw the way Unix shells handled history (which was first in csh and then ksh, but not in the previous Bell Labs shells), I always wondered why the data was so ephemeral and poorly managed. In the pre-VAX days, we worried about every byte - you were lucky if your PDP11 had split I/D space or if it had as much memory as it could address - 256kB on an 11/45, 4MB on an 11/70, these were very large machines and time-shared among dozens of users. So It makes sense to not think about filling your process-space with old command lines. But even if it was configured to keep the last 500 lines, it never seemed to do sensible things when you spawned multiple shells or logged out and then back in.

One more odd note. In those days (early 80s), between the fact that shell history wasn't handled very well and the fact that it took a long time to fork a shell (this before vfork and with slow machines), there was a hack where a small program could poke the proc table of its PARENT process to set its uid to root (!) so that you could take your mere mortal shell, with its current shell history, and zap, you're root, and just where you were - an alias would poke your uid and then change your PS1 prompt to #. Another alias would flip back. This was before multi-window interfaces (or even screen) so focusing on your single screen with its single shell was more important than it is now.", "timestamp": "1329193592"}, {"author": "someFunnyUser", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c3r2s8u", "anchor": "r-c3r2s8u", "service": "r", "text": "I added $STY/$WINDOW to the log file, so that I know which screen window it was (+grepping)\n", "timestamp": 1329217105}, {"author": "ctaloi", "source_link": "http://www.reddit.com/r/commandline/comments/pnhtz#c43px0q", "anchor": "r-c43px0q", "service": "r", "text": "Any solutions for logging at a lower (or is it higher?) level - example, from my Mac on a given day I ssh into 10 different boxes, I'd like a centralized log of what I did on each of those nodes. I realize I could add the function to each node and script a centralized log dump - just not a very tidy solution.\n", "timestamp": 1332424826}, {"author": "Ethan", "source_link": "https://plus.google.com/105507155670392231828", "anchor": "gp-1337179641155", "service": "gp", "text": "Thanks for this tip -- I've been using it for about six months now and it's definitely saved me a couple of times. (Just this morning I was trying to figure out where on earth I put an essential archive of data from a decommissioned server about a month ago, which I need to unpack onto a new server today -- I couldn't remember what I had named the archive or even whether I left it on my own computer or moved it to another server somewhere, so find wasn't helpful. Eventually I thought to grep my ~/.full_history for \"scp\" and the IP of the decommissioned server. Definitely wouldn't have found it any other way.)", "timestamp": 1337179641}, {"author": "David Chudzicki", "source_link": "https://www.facebook.com/jefftk/posts/150551225064080?comment_id=1067909039994956", "anchor": "fb-1067909039994956", "service": "fb", "text": "Any suggestions for ssh? Some of the hardest commands to remember are ones I only occasionally run on remote servers.", "timestamp": "1475173364"}, {"author": "Jeff Kaufman", "source_link": "https://www.facebook.com/jefftk/posts/150551225064080?comment_id=1067968096655717", "anchor": "fb-1067968096655717", "service": "fb", "text": "@David: \"Some of the hardest commands to remember are ones I only occasionally run on remote servers.\"

Hmm. That's pretty hard. You could make your ssh command automatically set this logging up for any sessions you make, but the history file ends up on the remote server. Is that ok?", "timestamp": "1475177824"}, {"author": "David Chudzicki", "source_link": "https://www.facebook.com/jefftk/posts/150551225064080?comment_id=1067972683321925", "anchor": "fb-1067972683321925", "service": "fb", "text": "no", "timestamp": "1475178287"}, {"author": "Jeff Kaufman", "source_link": "https://www.facebook.com/jefftk/posts/150551225064080?comment_id=1067973176655209", "anchor": "fb-1067973176655209", "service": "fb", "text": "@David: Are these commands you could compose on your local box, and run remotely as ssh one-shots?", "timestamp": "1475178341"}, {"author": "David Chudzicki", "source_link": "https://www.facebook.com/jefftk/posts/150551225064080?comment_id=1067982606654266", "anchor": "fb-1067982606654266", "service": "fb", "text": "Hmm. It's things like \"error occurred, go find this data dump\". Probably could be one-shots. Good idea.", "timestamp": "1475179086"}, {"author": "George", "source_link": "https://www.facebook.com/jefftk/posts/150551225064080?comment_id=1069262199859640", "anchor": "fb-1069262199859640", "service": "fb", "text": "Maybe have the .logout copy/email the file to a common location?", "timestamp": "1475287534"}, {"author": "Daniel", "source_link": "https://plus.google.com/104241554778763268733", "anchor": "gp-1475984180832", "service": "gp", "text": "I\u2019m going to set this up right away. Hints you might want to include now that you\u2019ve re-featured the article:\n
\n
\n1. `zsh` has `preexec`, which is exactly what you want, and it also has better history format options but I don\u2019t know if they\u2019re enough.\n
\n2. You can add `preexec` to Bash; see \nhttps://github.com/rcaloras/bash-preexec\n.", "timestamp": 1475984180}, {"author": "Cortland", "source_link": "https://www.facebook.com/jefftk/posts/150551225064080?comment_id=2037247936394390", "anchor": "fb-2037247936394390", "service": "fb", "text": "Here is my attempt at writing this for tcsh. Put the following in your .tcshrc:
alias precmd 'echo \"`date +%Y-%m-%d--%H-%M-%S` `hostname` ${PWD} `history 1`\" >> ~/.full_tcsh_history'", "timestamp": "1549568148"}, {"author": "Jeff Kaufman", "source_link": "https://www.facebook.com/jefftk/posts/150551225064080?comment_id=2037265933059257", "anchor": "fb-2037265933059257", "service": "fb", "text": "Cortland an aside, but I'm pretty curious why you're using tcsh despite http://www.grymoire.com/Unix/CshTop10.txt etc", "timestamp": "1549569086"}, {"author": "Cortland", "source_link": "https://www.facebook.com/jefftk/posts/150551225064080?comment_id=2037273396391844", "anchor": "fb-2037273396391844", "service": "fb", "text": "There's a team at my work which built their testbench workflow on tcsh and I honestly don't know enough about what a UNIX shell does to try using their scripts from bash. Seems to me that I should be able to load their environment setup script in tcsh, run a bash shell for interactive use in there, and call their testbench script from that. As things stand, I can't get the test to run with tcsh alone, and I was losing track of my experiments because I'm used to having my shell history. Therefore step 1 was to get tcsh up to functional parity with bash.", "timestamp": "1549569495"}]}