Use the Linux ‘script’ command to log user activity in a simple way

What is 'script' command?

script is a command that records everything printed in the terminal during a session and stores it in a log file, called a typescript. It is useful for monitoring user activity and for keeping a record of every session that happens in the terminal. The records can also be saved and printed out as a hard copy.

There are other commands, such as "history", that can be used to check user activity, but history records only the command lines typed by the user. The script command is handy when you want to monitor every activity performed by individual users.

You can also replay a recorded session with the "scriptreplay" command, using timing information.

How to use

The script command is very simple to use and has a simple syntax. For more information about the script command, use "man script".

Basic Syntax

# script [options] --timing=timing_file log_filename

To start recording

[charles@centos ~]# script
Script started, file is typescript
[charles@centos ~]#

The above command starts recording the session to the default file, named "typescript".

You can also specify a destination filename in which to store the typescript.

[charles@centos ~]# script logfile.txt
Script started, file is logfile.txt
[charles@centos ~]#

To stop recording

[charles@centos ~]# exit
Script done, file is logfile.txt

Example of using the script command

I will use a file named history.log as the log file to record the session. You can give it a different name.

[charles@centos ~]# script history.log
Script started, file is history.log
[charles@centos ~]#

Let's begin with some activities.

[charles@centos ~]$ whoami
[charles@centos ~]$ echo "sample test file" test.txt
sample test file test.txt
[charles@centos ~]$ ls
[charles@centos ~]$ ll
total 0
-rw-rw-r--. 1 charles charles 0 Feb  2 15:53 history.log

End the recording with the following command, or press Ctrl+D.

[charles@centos ~]$ exit
Script done, file is history.log
[charles@centos ~]$

Now open the log file history.log to see the recording.

[charles@centos ~]$ vi history.log

The output will look similar to what is shown below:

Script started on Thu 02 Feb 2017 03:53:01 PM AWST

^[]0;charles@centos :~^G^[[?1034h[charles@centos ~]$ Script started, file is history.log^M

^[]0;charles@centos :~^G[charles@centos ~]$ ^C^M

^[]0;charles@centos :~^G[charles@centos ~]$ whoami^M


^[]0;charles@centos :~^G[charles@centos ~]$ ^M^[[K[charles@centos ~]$ ^M^[[K[charles@centos ~]$ echo "test^H^[[K^H^[[K^H^[[K^H^[[Ksample test file" test.txt^M

sample test file test.txt^M

^[]0;charles@centos :~^G[charles@centos ~]$ ls^M


^[]0;charles@centos :~^G[charles@centos ~]$ ll^M

total 0^M

-rw-rw-r--. 1 charles charles 0 Feb  2 15:53 history.log^M

^[]0;charles@centos :~^G[charles@centos ~]$ exit^M


Script done on Thu 02 Feb 2017 03:57:20 PM AWST

If you are not able to read it properly, use:

cat history.log
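
cat reads cleanly only because the terminal re-interprets the recorded control sequences (^[]0;...^G sets the window title, ^H and ^[[K are the user's backspaces, ^M is a carriage return), so for reviewing or searching a session log it is safer to resolve them into plain text offline. The Python sketch below is an added example, not part of the original post; it handles only the sequences that appear in the excerpt above. The function names and the sample bytes (transcribed from that excerpt) are assumptions made for illustration.

```python
import re

OSC = re.compile(r"\x1b\][^\x07]*\x07")           # ESC ] ... BEL: window-title update
CSI = re.compile(r"\x1b\[([0-?]*)[ -/]*([@-~])")  # ESC [ params final-byte

def render_line(raw):
    """Resolve one recorded line into the text that was left on screen."""
    raw = OSC.sub("", raw)
    buf, col, i = [], 0, 0
    while i < len(raw):
        m = CSI.match(raw, i)
        if m:
            # ESC [ K erases from the cursor to end of line; other CSI codes are dropped.
            if m.group(2) == "K" and m.group(1) in ("", "0"):
                del buf[col:]
            i = m.end()
            continue
        ch = raw[i]
        i += 1
        if ch == "\r":            # ^M: cursor back to column 0
            col = 0
        elif ch == "\b":          # ^H: cursor one column left
            col = max(col - 1, 0)
        elif ch >= " " and ch != "\x7f":
            if col < len(buf):    # overwrite in place
                buf[col] = ch
            else:
                buf.append(ch)
            col += 1
        # any other control byte (e.g. BEL) is dropped
    return "".join(buf)

def render_typescript(data):
    """Render every newline-terminated line of a typescript."""
    return [render_line(line) for line in data.rstrip("\n").split("\n")]

# Constructed sample: bytes transcribed from the history.log excerpt above,
# with vi's caret notation (^[ ^G ^H ^M) turned back into real control bytes.
SAMPLE = (
    "\x1b]0;charles@centos :~\x07[charles@centos ~]$ whoami\r\n"
    "\x1b]0;charles@centos :~\x07[charles@centos ~]$ \r\x1b[K[charles@centos ~]$ \r\x1b[K"
    "[charles@centos ~]$ echo \"test\b\x1b[K\b\x1b[K\b\x1b[K\b\x1b[Ksample test file\" test.txt\r\n"
    "sample test file test.txt\r\n"
)

if __name__ == "__main__":
    for line in render_typescript(SAMPLE):
        print(line)
```

To run it on a real log, read the file with open(path, encoding="utf-8", errors="replace", newline="") so that Python does not translate the carriage returns before they are processed.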

The script command is easy to use and helps a lot when you need to monitor user activity and keep a record of every user's activities in log files.

I hope this simple guide was useful. If you have anything to add, please leave a comment below.

Using the scriptreplay command to replay scripts is not covered in this post. There will be another post coming soon on this topic.

Keep visiting.

