Originally Posted by DevilCrab
hey is there anyway to keep getting log of commands run on linux centos VPS too keep watch.. like we have commands to get login IP and details when SSHed. so similarly i wanna keep log of commands anyone run in SSH.
is there anyway ?
The Logwatch package will email you a daily summary of a number of server logs, including the SSHd log. I get a summary of who successfully logged in via SSH, how many times, and from where, as well as what IPs tried to log in unsuccessfully and what credentials they used. It gets long if someone tries a brute-force SSH attack on a host where I'm allowing password authentication (I try to avoid that, favoring RSA keys instead, but the customer is always right and doesn't always understand public-key authentication. Anyway.)
To install Logwatch (which is basically just a collection of Perl filters for digesting various log formats) on Ubuntu, use apt-get install logwatch and then edit /etc/cron.daily/00logwatch, replacing --output mail with --mailto firstname.lastname@example.org
. You'll get one a day. You can add more flags to tune which logs Logwatch actually reads.