linux 查看ip、用户、时间对应执行的命令
这个需要使用到history命令。可以加数字,返回最近执行的几条命令。如果不加数字会返回所有的历史命令。
[root@localhost ~]# history 20 1015 rm stdin.log 1016 ll 1017 rm yy 1018 ll 1019 echo 'hello' 1>> echo.log 1020 ll 1021 cat echo.log 1022 echo 'world' 1>> echo.log 1023 cat echo.log 1024 echo 'world' 1> echo.log 1025 cat echo.log 1026 ll 1027 rm echo.log 1028 last 1029 history 1030 who am i 1031 clear 1032 history 1033* 1034 history 20
如果需要查看用户、ip和时间,需要配置linux的变量。
编辑
vim /etc/profile
后面添加变量:
export HISTTIMEFORMAT="%F %T `who am i` "
然后使之生效:
source /etc/profile
[root@localhost etc]# history 20 1022 2020-02-02 17:03:16 root pts/1 2020-02-02 13:31 (192.168.190.14) echo 'world' 1>> echo.log 1023 2020-02-02 17:03:20 root pts/1 2020-02-02 13:31 (192.168.190.14) cat echo.log 1024 2020-02-02 17:03:28 root pts/1 2020-02-02 13:31 (192.168.190.14) echo 'world' 1> echo.log 1025 2020-02-02 17:03:31 root pts/1 2020-02-02 13:31 (192.168.190.14) cat echo.log 1026 2020-02-02 17:09:05 root pts/1 2020-02-02 13:31 (192.168.190.14) ll 1027 2020-02-02 17:09:11 root pts/1 2020-02-02 13:31 (192.168.190.14) rm echo.log 1028 2020-02-02 17:12:58 root pts/1 2020-02-02 13:31 (192.168.190.14) last 1029 2020-02-02 17:14:15 root pts/1 2020-02-02 13:31 (192.168.190.14) history 1030 2020-02-02 17:47:12 root pts/1 2020-02-02 13:31 (192.168.190.14) who am i 1031 2020-02-02 17:53:15 root pts/1 2020-02-02 13:31 (192.168.190.14) clear 1032 2020-02-02 17:53:21 root pts/1 2020-02-02 13:31 (192.168.190.14) history 1033* 2020-02-02 17:53:29 root pts/1 2020-02-02 13:31 (192.168.190.14) 1034 2020-02-02 17:53:40 root pts/1 2020-02-02 13:31 (192.168.190.14) history 20 1035 2020-02-02 17:55:12 root pts/1 2020-02-02 13:31 (192.168.190.14) last 1036 2020-02-02 17:58:23 root pts/1 2020-02-02 13:31 (192.168.190.14) cd /etc 1037 2020-02-02 17:58:25 root pts/1 2020-02-02 13:31 (192.168.190.14) ll 1038 2020-02-02 17:58:33 root pts/1 2020-02-02 13:31 (192.168.190.14) vim profile 1039 2020-02-02 18:01:54 root pts/1 2020-02-02 13:31 (192.168.190.14) source /etc/profile 1040 2020-02-02 18:02:03 root pts/1 2020-02-02 13:31 (192.168.190.14) histoty 20 1041 2020-02-02 18:02:10 root pts/1 2020-02-02 13:31 (192.168.190.14) history 20
可以看到多出了,操作时间,用户,以及操作的ip。
who am i 比较容易理解,就是输出登入的用户名,登入时间,以及ip啥的。
那%F %T啥的,其实就是一种格式。这种格式是strftime函数。可以搜索了解下strftime。