this is a really useful setting that I didn't know about until a couple years ago.
HISTTIMEFORMAT='%F %T '
So used to it now, I get annoyed when I create a new account/login and don't have it.
Why: ability to correlate system artifacts with commands.
There's a file here, when/how did I create it?
Now in the shell, 'history' will show the time of commands; which may help you track down when you created (or deleted) a file, etc.
Some issues:
There's a file here, when/how did I create it?
Now in the shell, 'history' will show the time of commands; which may help you track down when you created (or deleted) a file, etc.
Some issues:
- if you start a new shell, and it ends after this one, $HISTFILE can get overwritten.
Problem if you like to have lots of shells & windows at the same time. - after a while, with a lot of history, only the last $HISTSIZE (or HISTFILESIZE) commands will be saved.
- your $HISTFILE contains unix epoch times, so not easily read or grep'd directly.
(However, you can easily save and load with history -w / -r ) - recorded time is not retroactive. All previous commands prior will have the time when you first set HISTTIMEFORMAT, so start today!
I have solutions to most of these, so each of my screen windows have their own history, also emacs, xterm shells, and a per-directory history as well.
How many commands? 121859 (just one system, my main laptop last 2.5 years usage),
this doesn't count a few other development systems.
Seems like a lot, but that's only ~133 commands per day average.
... So what is the ideal system audit trail ?
No comments:
Post a Comment