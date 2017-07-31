Learn how to record Linux session using script command. This will help to keep a record of your commands and their outputs printed on terminal at the time of execution.

In our last article we saw how to save PuTTY session output in file on your desktop. In this article we will learn how to record session output in file on Linux server itself. And yes, its recording. It can be replayed later at any time and view commands being run and output being shown as it was done in real time at the time of recording.

There are two utilities used for this task. script command used to record session and scriptreply is used to replay the recorded session from file. In this article we will see Linux session recording using script command. scriptreply command will be covered in upcoming article.

script command takes filename as an argument without any switch. It will write your commands along with their outputs in this file. Remember only commands ran after script command will be recorded and till you stop recording by hitting cntl+d key combination or typing exit. Make sure you have proper file permissions on logfile you are asking script to write into. Also, make sure you have enough space for recording since if your outputs are pretty lengthy then logfile gonna grow big.

Lets start with example. Here we are recording output in myoutputs.txt file. Command will be ‘script myoutputs.txt‘:

[root@kerneltalks ~]# script myoutputs.txt Script started, file is myoutputs.txt [root@kerneltalks ~]# date Thu Jul 27 01:31:39 EDT 2017 [root@kerneltalks ~]# hostname kerneltalks [root@kerneltalks ~]# w 01:31:46 up 1 min, 2 users, load average: 0.49, 0.21, 0.08 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT ec2-user pts/0 59.184.148.123 01:31 2.00s 0.00s 0.19s sshd: ec2-user [priv] root pts/1 01:31 2.00s 0.01s 0.01s w [root@kerneltalks ~]# exit Script done, file is myoutputs.txt 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 [ root @ kerneltalks ~ ] # script myoutputs.txt Script started , file is myoutputs .txt [ root @ kerneltalks ~ ] # date Thu Jul 27 01 : 31 : 39 EDT 2017 [ root @ kerneltalks ~ ] # hostname kerneltalks [ root @ kerneltalks ~ ] # w 01 : 31 : 46 up 1 min , 2 users , load average : 0.49 , 0.21 , 0.08 USER TTY FROM LOGIN @ IDLE JCPU PCPU WHAT ec2 - user pts / 0 59.184.148.123 01 : 31 2.00s 0.00s 0.19s sshd : ec2 - user [ priv ] root pts / 1 01 : 31 2.00s 0.01s 0.01s w [ root @ kerneltalks ~ ] # exit Script done , file is myoutputs .txt

Now, observe above output.

After script command execution, it notifies you (Script started, file is myoutputs.txt) that it has started recording your session and logfile where it is recording. Then I punched in few commands for testing like date, hostname, w. I stopped recording by hitting cntl+d key combination (exit command works too). script stopped and informed (Script done, file is myoutputs.txt) it has stopped recording.

Lets look at logfile myoutputs.txt

# cat myoutputs.txt Script started on Thu 27 Jul 2017 01:31:35 AM EDT [root@kerneltalks ~]# date Thu Jul 27 01:31:39 EDT 2017 [root@kerneltalks ~]# hostname kerneltalks [root@kerneltalks ~]# w 01:31:46 up 1 min, 2 users, load average: 0.49, 0.21, 0.08 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT ec2-user pts/0 59.184.148.123 01:31 2.00s 0.00s 0.19s sshd: ec2-user [priv] root pts/1 01:31 2.00s 0.01s 0.01s w [root@kerneltalks ~]# exit Script done on Thu 27 Jul 2017 01:31:51 AM EDT 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 # cat myoutputs.txt Script started on Thu 27 Jul 2017 01 : 31 : 35 AM EDT [ root @ kerneltalks ~ ] # date Thu Jul 27 01 : 31 : 39 EDT 2017 [ root @ kerneltalks ~ ] # hostname kerneltalks [ root @ kerneltalks ~ ] # w 01 : 31 : 46 up 1 min , 2 users , load average : 0.49 , 0.21 , 0.08 USER TTY FROM LOGIN @ IDLE JCPU PCPU WHAT ec2 - user pts / 0 59.184.148.123 01 : 31 2.00s 0.00s 0.19s sshd : ec2 - user [ priv ] root pts / 1 01 : 31 2.00s 0.01s 0.01s w [ root @ kerneltalks ~ ] # exit Script done on Thu 27 Jul 2017 01 : 31 : 51 AM EDT

Voila! All commands (including shell prompt PS), their outputs are there in logfile. Notice that it also added timestamps at top and bottom of logfile indicating when recording was started and stopped.

How to append script command recording in same logfile

Every time script command runs, it empty its logfile and add contents to it. If you want to append your recording to previously recorded lofile then you need to use -a (append) switch with it. This will keep data in logfile as it is and add new data to bottom of file.

[root@kerneltalks ~]# script -a myoutputs.txt Script started, file is myoutputs.txt [root@kerneltalks ~]# echo " I love kerneltalks.com" I love kerneltalks.com [root@kerneltalks ~]# exit exit Script done, file is myoutputs.txt 1 2 3 4 5 6 7 8 9 [ root @ kerneltalks ~ ] # script -a myoutputs.txt Script started , file is myoutputs .txt [ root @ kerneltalks ~ ] # echo " I love kerneltalks.com" I love kerneltalks .com [ root @ kerneltalks ~ ] # exit exit Script done , file is myoutputs .txt

I used -a switch in above example to append new recording in same file we created earlier. Tested one echo command. Lets check logfile.

[root@kerneltalks ~]# cat myoutputs.txt Script started on Thu 27 Jul 2017 01:31:35 AM EDT [root@kerneltalks ~]# date Thu Jul 27 01:31:39 EDT 2017 [root@kerneltalks ~]# hostname kerneltalks [root@kerneltalks ~]# w 01:31:46 up 1 min, 2 users, load average: 0.49, 0.21, 0.08 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT ec2-user pts/0 59.184.148.123 01:31 2.00s 0.00s 0.19s sshd: ec2-user [priv] root pts/1 01:31 2.00s 0.01s 0.01s w [root@kerneltalks ~]# exit Script done on Thu 27 Jul 2017 01:31:51 AM EDT Script started on Thu 27 Jul 2017 01:41:13 AM EDT [root@kerneltalks ~]# echo " I love kerneltalks.com" I love kerneltalks.com [root@kerneltalks ~]# exit exit Script done on Thu 27 Jul 2017 01:41:24 AM EDT 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 [ root @ kerneltalks ~ ] # cat myoutputs.txt Script started on Thu 27 Jul 2017 01 : 31 : 35 AM EDT [ root @ kerneltalks ~ ] # date Thu Jul 27 01 : 31 : 39 EDT 2017 [ root @ kerneltalks ~ ] # hostname kerneltalks [ root @ kerneltalks ~ ] # w 01 : 31 : 46 up 1 min , 2 users , load average : 0.49 , 0.21 , 0.08 USER TTY FROM LOGIN @ IDLE JCPU PCPU WHAT ec2 - user pts / 0 59.184.148.123 01 : 31 2.00s 0.00s 0.19s sshd : ec2 - user [ priv ] root pts / 1 01 : 31 2.00s 0.01s 0.01s w [ root @ kerneltalks ~ ] # exit Script done on Thu 27 Jul 2017 01 : 31 : 51 AM EDT Script started on Thu 27 Jul 2017 01 : 41 : 13 AM EDT [ root @ kerneltalks ~ ] # echo " I love kerneltalks.com" I love kerneltalks .com [ root @ kerneltalks ~ ] # exit exit Script done on Thu 27 Jul 2017 01 : 41 : 24 AM EDT

You can see there are two recordings in same log file. You can distinguish them by their start and stop time (highlighted in output)

Conclusion :

script command can be used to log commands and their outputs on Linux server itself. This command can be used in user profiles to monitor user activity on server provided logfile mount point has huge free space to accommodate data generated by users.