Did you ever had a look at you bash history?<\/p>\n
No? Well, try it issuing the following command:<\/p>\n
root@moveaway: history<\/pre>\n...\r\n996 netstat -tapn\r\n997 vi \/etc\/my.cnf\r\n998 vi \/etc\/my.cnf\r\n999 service mysql restart\r\n1000 service mysqld restart\r\n1001 history<\/pre>\nWow! One thousand (and one) commands issued on my laptop command line! Nice, insn’t it?<\/p>\n
Well, ohhhh yess…but…mmm…when did I issue each command?<\/p>\n
The default behaviour for the bash history file (.bash_history in your home directory), is to take note only<\/strong> of the commands, nothing else, as you can see “catting” the raw file:<\/p>\n
root@moveaway: cat .bash_history\r\n..\r\nnetstat -tapn\r\nvi \/etc\/my.cnf\r\nvi \/etc\/my.cnf\r\nservice mysql restart\r\nservice mysqld restart<\/pre>\nNot that useful if you are trying to link some correlations from the commands you issued and what happened in your system. Better for you to timestamp you history log.<\/p>\n
How to do it?<\/p>\n
First, let’s pay attention to what<\/p>\n
root@moveaway: man bash<\/pre>\ntells us:<\/p>\n
HISTTIMEFORMAT<\/strong>
\nIf this variable is set and not null, its value is used as a format string for strftime(3) to print the time stamp associated with each his-
\ntory entry displayed by the history builtin. If this variable is set, time stamps are written to the history file so they may be preserved
\nacross shell sessions.<\/p><\/blockquote>\nSo, setting the variable<\/p>\n
HISTTIMEFORMAT<\/pre>\nwould give a relief to our concern. The syntax is similar the one you use for the command<\/p>\n
date<\/pre>\nso<\/p>\n
man date<\/pre>\nwill help you to find a proper format string for this variable. Anyway, if you have no idea, here is a pre formatted variable (Year-Month-Day Hours:Minutes:Seconds)<\/p>\n
HISTTIMEFORMAT=\"%Y-%m-%d %H:%M:%S \"<\/pre>\nThis string alone won’t work, we have to “export” it as a environment variable:<\/p>\n
export HISTTIMEFORMAT=\"%Y-%m-%d %H:%M:%S \"<\/pre>\nMmm…let’s have a look to our history:<\/p>\n
root@moveaway: history<\/pre>\n997 2008-07-31 19:40:34 vi \/etc\/my.cnf\r\n998 2008-07-31 19:40:34 vi \/etc\/my.cnf\r\n999 2008-07-31 19:40:34 service mysql restart\r\n1000 2008-07-31 19:40:34 service mysqld restart\r\n1001 2008-07-31 19:40:37 history<\/pre>\nOuch! All the entries have the same date stamp! Well, to fix this we should exit the login session and logon again, but our environment variable would get lost. We must make it lasting through sessions. Let’s invoke the<\/p>\n
man bash<\/pre>\ncommand again:<\/p>\n
When bash is invoked as an interactive login shell, or as a non-interactive shell with the –login option, it first reads and executes commands from
\nthe file \/etc\/profile, if that file exists. After reading that file, it looks for ~\/.bash_profile, ~\/.bash_login, and ~\/.profile, in that order,
\nand reads and executes commands from the first one that exists and is readable.<\/p><\/blockquote>\nInteresting. It’s time to edit the<\/p>\n
\/etc\/profile<\/pre>\nfile and write the command in, to make it last:<\/p>\n
export HISTTIMEFORMAT=\"%Y-%m-%d %H:%M:%S \"<\/pre>\nSave the file, exit the login session and logon again. Now issue some commands…<\/p>\n
root@moveaway: prova_time_stamp_1\r\n-bash: prova_time_stamp_1: command not found\r\nroot@moveaway: prova_time_stamp_2\r\n-bash: prova_time_stamp_2: command not found\r\nroot@moveaway: prova_time_stamp_3\r\n-bash: prova_time_stamp_3: command not found\r\nroot@moveaway: history<\/pre>\nWell, not real commands, but they will be a good placeholder to mark the timestamps. Let’s issue<\/p>\n
history<\/pre>\nagain:<\/p>\n
1001 2008-07-31 19:42:46 prova_time_stamp_1\r\n1002 2008-07-31 19:42:54 prova_time_stamp_2\r\n1003 2008-07-31 19:43:00 prova_time_stamp_3\r\n1004 2008-07-31 19:43:25 history<\/pre>\nIt works! Now our history is marked with a time stamp for each entry, so it will be easier to understand when a command has been issued. Let’s have a look to the<\/p>\n
.bash_history<\/pre>\nfile, but since the file is fully written only after<\/strong> the login session is closed, logoff, logon again and then issue:<\/p>\n
root@moveaway: cat .bash_history\r\n...\r\n#1217533366\r\nprova_time_stamp_1\r\n#1217533374\r\nprova_time_stamp_2\r\n#1217533366\r\nprova_time_stamp_3\r\n#1217533405\r\nhistory<\/pre>\nWhat’s that? Each command is prefixed by a Unix Timestamp<\/a>, which is converted for you by the<\/p>\n
history<\/pre>\n