Registering Local Or Remote Commands With logsave
Author: Pedro Moura from AS2MWPC
http://wpc.com.br "GNU/LINUX and OpenBSD training"
Date: 11/08/2009
1) Subject
The general idea is to use the logsave to register commands and their outputs.
Initially we record local commands and then we use this technique to make a record (locally) about a remote session.
2) Environments
We test the logsave in Debian 5 and Ubuntu 9.04, in both this command belongs to the e2fsprogs package as we see below:
Debian Package 5: e2fsprogs Version: 1.41.3-1
9.04 Ubuntu Package: e2fsprogs Version: 1.41.4-1ubuntu1
3) Maintainer of the package e2fsprogs
Theodore Y. Ts'o (tytso@mit.edu) http://web.mit.edu/tytso/www/home.html
4) Use
logsave logfile command
5) Examples
5.1) Registering local commands
5.1.1) In the command below we write the current kernel version to the file "register.log":
logsave register.log uname -r
5.1.2) In the next example we add in the "register.log" information about the "hosts" file:
logsave -a register.log ls -l /etc/hosts
5.1.3) Reading the file "register.log" we have the results and the respectives dates of execution of commands:
cat register.log
Log of uname-r Tue Aug 11 16:15:34 2009 2.6.28-13-generic Tue Aug 11 16:15:34 2009 ---------------- Log of ls -l /etc/hosts Tue Aug 11 16:16:34 2009 -rw-r - r - 1 root root 293 2009-07-29 13:59 /etc/hosts Tue Aug 11 16:16:34 2009 ----------------
5.2) Registering remote sessions
5.2.1) With the following command we record in the "register5.log" file the current kernel version and the report file system disk space usage at 192.168.0.1 server:
logsave register5.log ssh root@192.168.0.1 "(uname-r; df-h)"
Now see the content of file:
cat register5.log
Log of ssh root@192.168.0.1 (uname-r; df-h) Tue Aug 11 16:10:44 2009 2.6.26-2-686 Sist. Architect Tam Used Disp Use% Mounted on /dev/sda1 19G 4.1G 14G 24% / tmpfs 951M 0 951M 0% /lib/init/rw udev 10M 124k 9.9M 2% /dev tmpfs 951M 0 951M 0% /dev/shm Tue Aug 11 16:10:51 2009 ----------------
5.2.2) Below to log locally all commands executed in the ssh session at 192.168.0.1 server, run the command:
logsave remote.log ssh wpc@192.168.0.1
After login run the commands:
echo hello
uname -a
ip address show eth0 | grep inet
Make the logout and see the content of file:
cat remote.log
Tue Aug 11 16:12:44 2009 ---------------- Log of ssh wpc@192.168.0.1 Tue Aug 11 16:13:08 2009 as2mwpc.treinamento Linux 2.6.26-2-686 # 1 SMP Sun Jun 21 04:57:38 UTC 2009 i686 Last login: Thu Aug 7 14:37:03 2009 from 192168236149 wpc@wpc.com.br: ~ $ echo hello Hello wpc@wpc.com.br: ~ $ uname -a as2mwpc.treinamento Linux 2.6.26-2-686 # 1 SMP Sun Jun 21 04:57:38 UTC 2009 i686 GNU / Linux wpc@wpc.com.br: ~ $ ip address show eth0 | grep inet BRD 192.168.0.255 inet 192.168.0.1/24 scope global eth0 wpc@wpc.com.br: ~ $ exit Logout Connection to 192.168.0.1 closed. Tue Aug 11 16:13:23 2009 ----------------
Have fun!
References:
Pedro Moura - RHCE - LPIC - CLP - CLE - CNI
AS2MWPC - Training and Consulting in GNU/Linux / OpenBSD / FreeBSD
Training in Linux - Meet our courses in http://wpc.com.br
logsave (8) (manual)
http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1364174_mem1,00.html?track=NL-795&ad=719470&asrc=EM_NLN_8916233
http://www.cyberciti.biz/tips/howto-save-linux-unix-command-output-to-file.html