/etc/bashrc
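# ---------------------------------------------------------------------------
# Interactive-shell command audit hook (appended to /etc/bashrc).
# Each new history entry is emitted as one JSON object via syslog facility
# local6 (rsyslog -> /var/log/bash.log -> Fluent Bit -> OpenSearch).
# Record shape: {"user": "<opuser>", "path": "<cwd>", "command": "<cmd>"}.
# Limitations: it depends on bash history being enabled in the session and
# on a self-declared operator name, so it is an operational trail rather
# than a tamper-resistant one; pair it with auditd/execve logging where
# attribution matters.
# ---------------------------------------------------------------------------

#######################################
# Escape a string for use inside a JSON string literal.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout (no trailing newline)
#######################################
_audit_json_escape() {
  local s=$1
  # backslash first, so the escapes added below are not doubled afterwards
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

#######################################
# Log the most recent history entry once. Runs from PROMPT_COMMAND.
# Globals:   opuser (read), LAST_CMD (read/written), PWD (read)
# Outputs:   one local6.debug syslog message per new command
#######################################
_audit_log_last_command() {
  local prev msg
  # "history 1" prints "  NNN  command"; drop the number with a builtin
  # regex instead of the GNU-only "sed -r". If HISTTIMEFORMAT is set, the
  # timestamp prefix stays in the command text, as it did with sed.
  prev=$(history 1)
  if [[ $prev =~ ^[[:space:]]*[0-9]+[[:space:]]*(.*)$ ]]; then
    prev=${BASH_REMATCH[1]}
  fi
  # Pressing Enter on an empty line re-runs PROMPT_COMMAND without adding a
  # history entry, so only an entry that differs from the last one is logged
  # (an identical command repeated back-to-back is therefore logged once).
  if [[ "$prev" != "${LAST_CMD:-}" ]]; then
    # Escaping keeps quotes/backslashes in a command from breaking the JSON
    # that the Fluent Bit "parser" filter expects in the command field.
    printf -v msg '{"user": "%s", "path": "%s", "command": "%s"}' \
      "$(_audit_json_escape "${opuser:-}")" \
      "$(_audit_json_escape "$PWD")" \
      "$(_audit_json_escape "$prev")"
    logger -p local6.debug "$msg"
  fi
  LAST_CMD=$prev
}

# Ask for the operator name only in interactive shells: a non-interactive
# shell (scripts, scp, cron) has nobody to answer, and an EOF on stdin
# would otherwise spin the loop forever. An already-set $opuser is reused.
if [[ $- == *i* ]]; then
  while [[ -z "${opuser:-}" ]]; do
    # -r keeps backslashes literal; stop on EOF instead of looping
    read -r -p "Enter your name: " opuser || break
    # strip all whitespace so the name is a single token in the record
    opuser=${opuser//[[:space:]]/}
  done
  # EOF without a name: fall back to the login user instead of an empty tag
  opuser=${opuser:-${USER:-unknown}}
fi

# Exported, as before, so child shells inherit the hook; the functions are
# exported alongside so the hook resolves there too. This replaces any
# existing PROMPT_COMMAND, matching the original behaviour.
export -f _audit_json_escape _audit_log_last_command
export PROMPT_COMMAND=_audit_log_last_command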
/etc/rsyslog.conf
local6.* /var/log/bash.log
/etc/logrotate.d/syslog
## add the below line ##
/var/log/bash.log
Fluent-bit configuration
## /etc/fluent-bit/fluent-bit.conf
# Ships the bash command audit log (/var/log/bash.log, written by rsyslog
# from facility local6) to OpenSearch, one document per logged command.
[SERVICE]
Flush 1
Daemon Off
# debug is verbose and may echo record contents into the Fluent Bit log;
# lower it to info once the pipeline is validated.
Log_level debug
# The built-in HTTP endpoint (metrics/health) listens on all interfaces
# with no authentication — bind it to 127.0.0.1 or firewall port 2020.
http_server On
http_listen 0.0.0.0
http_port 2020
Parsers_File parsers.conf
[INPUT]
Name tail
Tag bash_history
Path /var/log/bash.log
# offset DB so a restart or log rotation does not re-ship old entries
DB /var/log/bash.log.db
Parser main_parser
[FILTER]
Name modify
Match bash_history
# NOTE(review): "clutername" looks like a typo for "clustername"; it is the
# field name that reaches OpenSearch, so check existing queries/dashboards
# before renaming it.
Add clutername talos.home
[FILTER]
Name parser
Match bash_history
# The "command" field carries the JSON object emitted by the bashrc hook;
# this second pass lifts its user/path/command keys into the record.
# Records whose "command" is not valid JSON appear to pass through
# unparsed — confirm, since malformed JSON would then be indexed as a
# single opaque string.
Key_Name command
Reserve_Data On
Parser json
[OUTPUT]
Name opensearch
Match bash_history
Host opensearch.homek8s.cloud
Port 443
Buffer_Size 10M
# Default admin/admin credentials in a plain-text config: create a
# dedicated write-only user for the bash-log-* indices and keep the
# password out of this file (e.g. an environment variable reference).
HTTP_User admin
HTTP_Passwd admin
Logstash_Format True
Logstash_Prefix bash-log
Logstash_DateFormat %Y.%m.%d
Suppress_Type_Name On
# tls.verify Off disables certificate validation, so the audit stream can
# be read or redirected by anyone able to answer for the hostname.
# Set tls.verify On and point tls.ca_file at the issuing CA.
tls On
tls.verify Off
parsers.conf
[PARSER]
Name main_parser
Format regex
# Splits an rsyslog line "<time> <host> <tag>[pid]: <json>" produced by
# the logger(1) call in the bashrc hook; the JSON body lands in "command"
# for the second (json) parser pass.
Regex ^(?<time>[^ ]* {1}[^ ]* {1}[^ ]*) (?<hostname>[^ ]*) (?<account>[a-zA-Z0-9_]*)(\[[^\]]*\])?:\s(?<command>.*)$
# NOTE(review): Time_Key names the capture group holding the timestamp,
# but the regex above captures it as "time", not "timestamp" — as written
# the parsed time is never applied and records get the ingest time.
# Either rename the group to (?<timestamp>...) or set "Time_Key time".
# The time group is also shaped for three space-separated tokens (the
# traditional "Mon DD HH:MM:SS" syslog form), while Time_Format expects a
# single RFC 3339 token with millisecond "Z" suffix; check what rsyslog
# actually writes to /var/log/bash.log and align one with the other.
Time_Key timestamp
Time_Format %Y-%m-%dT%H:%M:%S.%LZ
[PARSER]
Name json
Format json