Last active
October 14, 2025 12:54
-
-
Save jdavidrcamacho/cd96f3ee88795d6618e7a4d409f4749e to your computer and use it in GitHub Desktop.
Steps
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install fluent-package v6 LTS: | |
| sudo apt update | |
| curl -fsSL https://fluentd.cdn.cncf.io/sh/install-ubuntu-noble-fluent-package6-lts.sh | sudo sh | |
| # Make sure the service is up and running: | |
| sudo systemctl enable --now fluentd | |
| sudo systemctl status fluentd | |
| # Replace the definitions at /etc/fluent/fluentd.conf with this config: | |
| <system> | |
| log_level info | |
| </system> | |
| <source> | |
| @type tail | |
| path /var/log/test.log | |
| pos_file /var/log/fluentd/test.pos | |
| tag test_logs | |
| <parse> | |
| @type none | |
| </parse> | |
| read_from_head true | |
| </source> | |
| <source> | |
| @type tail | |
| path /var/log/syslog | |
| pos_file /var/log/fluentd/syslog.pos | |
| tag cmdlog | |
| <parse> | |
| @type regexp | |
| expression /cmdlog: (?<message>.*)/ | |
| </parse> | |
| read_from_head false | |
| </source> | |
| <match test_logs cmdlog> | |
| @type copy | |
| <store> | |
| @type stdout | |
| </store> | |
| <store> | |
| @type forward | |
| <server> | |
| host 10.50.20.9 | |
| port 24224 | |
| </server> | |
| </store> | |
| </match> | |
| # Then in the terminal do: | |
| sudo touch /var/log/test.log | |
| sudo mkdir -p /var/log/fluentd | |
| # To ensure files/dirs exist, then do: | |
| sudo chmod 644 /var/log/test.log | |
| sudo chmod 777 /var/log/fluentd | |
| # To allow any user to read the log and Fluentd to write its pos file. Then restart and test: | |
| sudo systemctl restart fluentd | |
| sudo journalctl -u fluentd -f | |
| # And in a new terminal: | |
| echo "Hello world from a test VM" | sudo tee -a /var/log/test.log | |
| # Now to collect terminal commands do edit /etc/bash.bashrc (this file is sourced for all interactive shells): | |
| sudo nano /etc/bash.bashrc | |
| # Scroll to the bottom and paste this block: | |
| # Command logger for Fluentd | |
| if [ -n "$PS1" ] && [ -z "$BASH_COMMAND_LOGGER_SET" ]; then | |
| export BASH_COMMAND_LOGGER_SET=1 | |
| shopt -s histappend | |
| export HISTTIMEFORMAT="%F %T " | |
| LOG_FILE="/var/log/test.log" | |
| PROMPT_COMMAND='LAST_CMD=$(HISTTIMEFORMAT= history 1 | sed "s/^ *[0-9]\+ *//"); \ | |
| printf "%s user=%q tty=%q pwd=%q cmd=%q\n" "$(date --iso-8601=seconds)" "$USER" "$(tty 2>/dev/null)" "$PWD" "$LAST_CMD" >> "$LOG_FILE"; \ | |
| history -a' | |
| fi | |
| # Save and exit. In a new terminal do | |
| sudo usermod -aG cmdlog $USER | |
| ls -l /var/log/test.log | |
| sudo chgrp cmdlog /var/log/test.log | |
| sudo chmod 666 /var/log/test.log | |
| # Not sure why but I tried so many things, and this seemed to have some effect. | |
| # Log out and log in to Ubuntu. Open a terminal and start typing the commands should now be saved in the /var/log/test.log file. You can check them by doing | |
| sudo nano /var/log/test.log |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment