[SOLVED] timestamp of command history doesn't show time command was executed?
I want to be able to review when a command was executed as well as the syntax of the command. I have exported HISTTIMEFORMAT='%F %T ' . I then execute the history command: history | grep "cp /etc" . The result (last ~15 lines) is displayed below. The earliest time/date displayed is my most recent login time/date, not the time/date of when the command was executed. How do I display the time the command was executed?
993 2014-04-17 07:44:32 history > historyApr16.2014
994 2014-04-17 07:44:32 less historyApr16.2014
995 2014-04-17 07:44:32 net ads join -U adm-johnm -S cen-ad1.vlrb.org
996 2014-04-17 07:44:32 ls /etc/samba
997 2014-04-17 07:44:32 less /etc/samba/smbAD.conf
998 2014-04-17 07:44:32 sudo cp /etc/samba/smb.conf /etc/samba/Osmb.conf
999 2014-04-17 07:44:32 logout
1000 2014-04-17 07:46:12 history | grep "cp /etc"
1001 2014-04-17 07:48:37 man history
1002 2014-04-17 07:52:07 man HISTTIMEFORMAT
1003 2014-04-17 07:57:49 export HISTTIMEFORMAT='%d-%b %T '
1004 2014-04-17 07:58:06 history | grep "cp /etc"
1005 2014-04-17 08:00:10 export HISTTIMEFORMAT='%F %T '
1006 2014-04-17 08:00:16 history | grep "cp /etc"
In looking back at the command history I had displayed, it occurred to me that the behavior I was seeing, no timestamp earlier than today, even for commands that had been executed yesterday, could be due to the fact that I had never set HISTTIMEFORMAT before this morning's session. So I should also add the
export HISTTIMEFORMAT='%F %T '
command to my .bashrc file to ensure that there is always a timestamp format set during a session???
So I should also add the export HISTTIMEFORMAT='%F %T ' command to my .bashrc file to ensure that there is always a timestamp format set during a session???
Yes.
On a side note: please do not rely on this for auditing purposes. Unless set read-only by root, about any variable used by your shell can be changed by the user. Haven't declared HISTFILE? Then you can set another one or point to /dev/null. Got HISTFILESIZE? Then you just repeat one command long enough to rotate out what you want to hide. And there are other tricks. If you need to store shell history in a way the auditd daemon doesn't cater for and in a way a user can't taint, then use a mechanism like 'rootsh' uses as it can dump everything to a log file or better: (remote!) syslog. I thought that was important enough to mention.
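Added example, not part of the thread above: a small shell sketch that reads a bash history file and marks which entries have a "#<epoch>" timestamp line on disk. Entries saved before HISTTIMEFORMAT was set have none, so history displays them with the time the file was loaded, which is the behaviour seen in the question. The function names, the sample file and its epoch values are constructed for illustration, and one command per line is assumed.

```shell
#!/bin/sh
# Added example: tell recorded history timestamps from missing ones.
# With HISTTIMEFORMAT set, bash writes "#<epoch>" before each command in
# the history file. Entries written without it carry no time on disk.

# annotate_history FILE
# Prints "<epoch><TAB><command>" for entries with a recorded time and
# "unrecorded<TAB><command>" for entries without one.
annotate_history() {
    awk '
        /^#[0-9]+$/ { ts = substr($0, 2); next }   # timestamp for next entry
        {
            printf "%s\t%s\n", (ts == "" ? "unrecorded" : ts), $0
            ts = ""                                # applies to one entry only
        }
    ' "$1"
}

# count_unrecorded FILE: number of entries whose displayed time cannot
# be trusted because nothing was recorded for them.
count_unrecorded() {
    annotate_history "$1" |
        awk -F'\t' '$1 == "unrecorded" { n++ } END { print n + 0 }'
}

# make_sample: writes a constructed history file and prints its path.
# The first two entries predate HISTTIMEFORMAT, the last two do not.
make_sample() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
ls /etc/samba
sudo cp /etc/samba/smb.conf /etc/samba/Osmb.conf
#1397735172
history | grep "cp /etc"
#1397735317
man history
EOF
    printf '%s\n' "$sample"
}

# Usage: sh thisfile.sh ~/.bash_history
if [ "$#" -gt 0 ]; then
    annotate_history "$1"
fi
```

Because the history file is writable by its owner, an "unrecorded" or recorded value here describes only what is on disk and carries the same limits for auditing that the reply above points out.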