wiki

The default size of the history file is 500 lines for root and 128 lines for other users.
The history file doesn't record what date/time commands were run.

To customize you .sh_history file use:

export HISTSIZE=10000
export EXTENDED_HISTORY=ON
export HISTDATEFMT=%d/%m/%Y %H:%M:%S

Careful Before putting some settings in read-only, be sure to have no place (for example user which try to override these variables in .profile, or scripts) to reload these variables, else your login will stop.

Put there variable in readonly for all users in /etc/profile:

typeset -r HISTSIZE
typeset -r EXTENDED_HISTORY
typeset -r HISTDATEFMT

These will increase the history size to 10,000 lines and record date/time stamps for each command run. Use the “-t” flag with the history command to see the date/time stamps next to each command.

# history -t
58 2009/08/26 13:47:50 :: view .profile
59 2009/08/26 13:48:21 :: history -t

To log centralize all commands, use syslog facility:

Add into /etc/profile

function history_to_syslog
{
declare cmd
cmd=$(fc -ln -0)
logger -p local7.notice — SESSION = $$, CMD =$cmd
}
trap history_to_syslog DEBUG

syslog_exist=$(ps -ef |grep "tail -0f $HISTFILE"|grep -v grep |wc -l)
if [ $syslog_exist -eq 0 ]
then
tail -0f $HISTFILE| while read linha
do
text=`echo "WHO = $LOGNAME, CMD ="`
logger -p local7.notice -t $text $linha
done &
fi

function log2syslog
{
 declare command
 command=$(fc -ln -0)
 logger -p local1.notice -t bash -i — $USER : $command
}
trap log2syslog DEBUG

# cat /etc/profile

. /sbin/log.sh

# cat /sbin/log.sh

function log
{
if [[ $- = *i* ]]; then
  if [[ $LOGNAME = !(nagios|*adm) ]] ; then
    typeset TTY=`who am i | awk '{print $2}'`
    if [[ $TTY = @(pts*) ]] ; then
      typeset -i STAT=$?
      typeset X=$(fc -t -n -0)
      logger -p daemon.info -t "$LOGNAME $$" $TTY Status $STAT PWD $PWD ${X#  }
    fi
  fi
fi
}
trap log DEBUG

We left out all *adm users, as SAP with Java normally uses hundreds of embedded profiles and therefore the switching to that one user took sometimes 5 seconds which gave us quite a pain.

Will convert epoch date, and sort by date

alias TS='_TS(){ /opt/freeware/bin/date --date="@$1" +%Y/%m/%d-%T ; }; _TS'
strings -n1 .sh_history | rev| while read i j
do
timest=$(echo $i | sed 's/#/\ /g' | awk '{print $2}' | rev)
end=$(echo $j | rev)
echo "$timest : $end"
done > /tmp/hist_file.txt
sort /tmp/hist_file.txt |  while read a b
do
echo $(TS $a) "$b"
done

# Will Give me ip of person logged in
WHOAMI=`who -m | cut -d '(' -f 2| cut -d ')' -f1`  
# Will give me tty ID
MYTTY=`who -m | awk '{print $2;}' | cut -d '/' -f2`
DATE=`date +"%Y_%m_%d_%H%M%S"`
DAY=`date +"%Y_%m_%d"`
shopt -s histappend
mkdir -p $HOME/HISTORY/${WHOAMI}/${DAY}
touch $HOME/HISTORY/${WHOAMI}/${DAY}/.HIST_${MYTTY}_${DATE}
export HISTTIMEFORMAT='%F %T '
export HISTFILESIZE=100
export HISTSIZE=100
# stores history file per terminal
export HISTFILE=$HOME/HISTORY/${WHOAMI}/${DAY}/.HIST_${MYTTY}_${DATE}
export PS1='[\[\e[4;32m\]\u@\h\[\e[0m\] \[\e[1;36m\]$PWD\[\e[0m\]]\! $'
# Updates the HISTFILE at real time i.e. when user presses enter
export PROMPT_COMMAND="history -a; history -c; history -r; ${PROMPT_COMMAND}"
history -r $HISTFILE

[root@aixsrv]/root # tail -100 /etc/profile
...
[[ $EXTENDED_HISTORY != 'ON' ]]   && export EXTENDED_HISTORY=ON
[[ $HISTSIZE -ne 10000 ]]         && export HISTSIZE=10000
[[ $HISTTIMEFORMAT != '%F %T ' ]] && export HISTTIMEFORMAT="%F %T "

EDITOR=/usr/bin/vi
HOSTNAME=$(/usr/bin/hostname)
PS1="[\$LOGNAME@\$HOSTNAME]\$PWD# "

export EDITOR HOSTNAME PS1

export MANPATH=$MANPATH:/usr/share/man:/usr/lpp/X11/man:/opt/freeware/man

export DSM_LOG=/tmp     # centralize all TSM logs dsmj.log

alias ll='ls -lsa'

if tty >/dev/null 2>&1
then
  From="`/usr/bin/who am i | awk '{ print $1 }'`"
  To="`/usr/bin/whoami | awk '{ print $1 }'`"
  File="$From:$To"
  if [ ! -d /var/adm/history/$To ]
    then
    mkdir -p /var/adm/history/$To
    chmod 700 /var/adm/history/$To
  fi
  [[ $HISTFILE != "/var/adm/history/$To/.sh_history.$File" ]] &&  export HISTFILE=/var/adm/history/$To/.sh_history.$File
fi

trap 1 2 3