Friday, May 3, 2019

RHEL - Record ssh session data of your system

Record your ssh session data

There are many ways to record your session data, here we are going to discuss couple of them.

1. Using Putty
- Open your putty, go to Session
- Expand Session and click on Logging
- on the file name section, click on browse and specify the location you want to save and click ok
- Filename putty.log is selected by default. You can change it if you like.
- Now, append the following before the log so that your file looks like this -     putty_&Y-&M-&D-T-H.log
- And click on check box Always append to the end of it.

2. Using script command
- After you login to your server, just type script command, it will generate typescript file by default on wherever you type it from.
$ script
Script started, file is typescript.
- All the command and output the command generates will be recorded on the file.

Specifying filename
- If you like to named the file you want, simply specify the file after the command
$ script cmd_list_`date "+%m-%d-%y_%H-%M-%S`.log

3. Recording session of a remote host on log server
- Login to your log server and connect to your remote server.
$ ssh sam@ | tee -a /opt/logs/120_session.log

you can keep typing your commands on your remote host 120 and all the output will be recorded on your source server.

To verify,
- open a duplicate session of your log server (the source server)
- Use cat or tail command to see the log info
$ tail -f /opt/logs/120_session.log

No comments:

Post a Comment