Tag Archives: linux monitor user activity

Record Linux session using the script command

Leave a reply

Learn how to record Linux sessions using script command. This will help to keep a record of your commands and their outputs printed on the terminal at the time of execution.

Record your Linux session using ‘script’ command

In our last article we saw how to save PuTTY session output in a file on your desktop. In this article we will learn how to record session output in a file on the Linux server itself. And yes, it’s recording. It can be replayed later at any time and view commands being run and output being shown as it was done in real-time at the time of recording.

There are two utilities used for this task. script command used to record session and scriptreply is used to replay the recorded session from the file. In this article we will see Linux session recording using script command. scriptreply command is covered in this article.

script command takes a filename as an argument without any switch. It will write your commands along with their outputs in this file. Remember only commands ran after script command will be recorded and till you stop recording by hitting cntl+d key combination or typing exit. Make sure you have proper file permissions on the log file you are asking script to write into. Also, make sure you have enough space for recording since if your outputs are pretty lengthy then logfile gonna grow big.

Let’s start with an example. Here we are recording output in myoutputs.txt file. Command will be script myoutputs.txt:

[root@kerneltalks ~]# script myoutputs.txt
Script started, file is myoutputs.txt
[root@kerneltalks ~]# date
Thu Jul 27 01:31:39 EDT 2017
[root@kerneltalks ~]# hostname
kerneltalks
[root@kerneltalks ~]# w
 01:31:46 up 1 min,  2 users,  load average: 0.49, 0.21, 0.08
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
ec2-user pts/0    59.184.148.123   01:31    2.00s  0.00s  0.19s sshd: ec2-user [priv]
root     pts/1                     01:31    2.00s  0.01s  0.01s w
[root@kerneltalks ~]# exit
Script done, file is myoutputs.txt

Now, observe above output.

  1. After script command execution, it notifies you (Script started, file is myoutputs.txt) that it has started recording your session and log file where it is recording.
  2. Then I punched in few commands for testing like date, hostname, w.
  3. I stopped recording by hitting the cntl+d key combination (exit command works too). script stopped and informed (Script is done, the file is myoutputs.txt) it has stopped recording.

Lets look at logfile myoutputs.txt

# cat myoutputs.txt
     Script started on Thu 27 Jul 2017 01:31:35 AM EDT
     [root@kerneltalks ~]# date
     Thu Jul 27 01:31:39 EDT 2017
     [root@kerneltalks ~]# hostname
     kerneltalks
     [root@kerneltalks ~]# w
      01:31:46 up 1 min,  2 users,  load average: 0.49, 0.21, 0.08
     USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
     ec2-user pts/0    59.184.148.123   01:31    2.00s  0.00s  0.19s sshd: ec2-user [priv]
     root     pts/1                     01:31    2.00s  0.01s  0.01s w
     [root@kerneltalks ~]# exit

     Script done on Thu 27 Jul 2017 01:31:51 AM EDT

Voila! All commands (including shell prompt PS), their outputs are there in the logfile. Notice that it also added timestamps at the top and bottom of the logfile indicating when the recording was started and stopped.

How to append script command recording in same logfile

Every time script command runs, it empties its logfile and adds content to it. If you want to append your recording to previously recorded file then you need to use -a (append) switch with it. This will keep data in a log file as it is and add new data to the bottom of the file.

[root@kerneltalks ~]# script -a myoutputs.txt
Script started, file is myoutputs.txt
[root@kerneltalks ~]# echo " I love kerneltalks.com"
 I love kerneltalks.com
[root@kerneltalks ~]# exit
exit
Script done, file is myoutputs.txt

I used -a switch in the above example to append new recording in the same file we created earlier. Tested one echo command. Let’s check the logfile.

[root@kerneltalks ~]# cat myoutputs.txt
     Script started on Thu 27 Jul 2017 01:31:35 AM EDT
     [root@kerneltalks ~]# date
     Thu Jul 27 01:31:39 EDT 2017
     [root@kerneltalks ~]# hostname
     kerneltalks
     [root@kerneltalks ~]# w
      01:31:46 up 1 min,  2 users,  load average: 0.49, 0.21, 0.08
     USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
     ec2-user pts/0    59.184.148.123   01:31    2.00s  0.00s  0.19s sshd: ec2-user [priv]
     root     pts/1                     01:31    2.00s  0.01s  0.01s w
     [root@kerneltalks ~]# exit

     Script done on Thu 27 Jul 2017 01:31:51 AM EDT
     Script started on Thu 27 Jul 2017 01:41:13 AM EDT
     [root@kerneltalks ~]# echo " I love kerneltalks.com"
      I love kerneltalks.com
     [root@kerneltalks ~]# exit
     exit

     Script done on Thu 27 Jul 2017 01:41:24 AM EDT

You can see there are two recordings in the same log file. You can distinguish them by their start and stop time (highlighted in output)

Conclusion :

script command can be used to log commands and their outputs on the Linux server itself. This command can be used in user profiles to monitor user activity on a server provided logfile mount point has huge free space to accommodate data generated by users.