7

I need to log in to various servers via ssh, and it's a useful thing to log the terminal (even things in smitty menus/AIX and with correct/exact date/time). I already have a solution for this:

0)
# with root:
apt-get install bsdutils

# with the given user:
mkdir ~/logs

1)
# append this to your "~/.bashrc" - this must be the last line!!
STARTTIME=`date +%F-%Hh-%Mm-%Ss-%N`; script -q -t 2> /home/USERNAMEHERE/logs/$STARTTIME-timing.txt -c 'bash --rcfile /home/USERNAMEHERE/.bashrc-cp' -f /home/USERNAMEHERE/logs/$STARTTIME-log.txt; exit 0

2)
# make sure the 1) is the last line of bashrc, then [this is needed to avoid "fork bomb"..]:
sed -e '$d' /home/USERNAMEHERE/.bashrc > /home/USERNAMEHERE/.bashrc-cp

And this works GREAT!

Now, the question is: how to replay these terminal loggings? This is the default way to do this:

REPLAY:
# rename the filenames to your needs! - you can only play 1 file at one time..
scriptreplay "/home/USERNAMEHERE/logs/$STARTTIME-timing.txt" "/home/USERNAMEHERE/logs/$STARTTIME-log.txt"

Ok. It works. But it's not enough..: you can only start playing the recording. But what if you need the recording only from a given time, or you need to know when exactly a command was executed (you can see this in the terminal logfiles+timing files that "script" generates). Or better: you need terminal logging for educational purposes (so you need to stop the replay of the recording to write something down from it, etc.).

For these replay problems, I still haven't found any good programs. So I thought I should write my own program for this (but I have only bash scripting experience).

I thought the best for this task would be using ncurses (the replay solution needs to be used on several different OSes, like: OpenBSD, Ubuntu, Redhat). - the terminal logging could be an "auditing tool" to trace what the users have done via SSH.

So I'm thinking about this (this is a terminal window, ex.: gnome-terminal):

User-interface mockup: search, replay buttons, scrollbar and timestamp at the bottom of the script

Q: What does unix.stackexchange think? Could this replay solution be done with ncurses (or are there better->more portable/easy for a non programmer?)? Can you provide some hints/URLs on how to do this? (can ncurses do this?)

p.s.: a sample for the terminal logging files (I opened a terminal, typed "echo hi", then closed the terminal):

[USER@HOST ~/logs] cat -vte 2012-09-14-12h-46m-27s-509330863-log.txt 
Script started on Fri 14 Sep 2012 12:46:27 PM CEST$
^[[0;32m[USER@HOST ~]^[[m echo hi^M$
hi^M$
^[[0;32m[USER@HOST ~]^[[m [USER@HOST ~/logs] 
[USER@HOST ~/logs] 
[USER@HOST ~/logs] cat -vte 2012-09-14-12h-46m-27s-509330863-timing.txt 
0.512822 29$
0.179438 1$
0.925494 1$
0.254477 1$
0.065499 1$
0.075037 1$
0.139497 1$
0.136499 1$
0.039944 35$
[USER@HOST ~/logs] 

UPDATE: I set a bounty on this question. :) (or are there any better logging solutions that can be replayed well? - ty!)

gasko peter
  • 1
    Just a comment: maybe `rootsh` can help you to achieve your goals. It is just perfect to log terminal sessions and I think it can help you to replay sessions as well (add marker/time stamps to your log file). Just calculate the time interval `dt` between consecutive logged commands, wait `dt` seconds and put the stdin and stdout of the logged session on stdout. And of course you can embed this in an ncurses front end, but I have no idea about that :) . Just my two cents. – user1146332 Sep 19 '12 at 19:24
  • someone else plz? – gasko peter Sep 26 '12 at 07:58
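
Added example (not part of the question or of either answer): the two-column timing file shown in the question is enough to tell when a given piece of output reached the terminal and to jump to a given time without replaying from the start. The sketch below indexes a recording that way; the prompt text and the function names are made up, the start time is read from the `$STARTTIME` file name prefix, and only this `delay bytes` timing format is handled.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: timing lines as shown in the question; the typescript is
# rebuilt with a made-up 29-byte prompt so that the byte counts line up.
NAME = "2012-09-14-12h-46m-27s-509330863"  # $STARTTIME prefix of both files
TIMING = ("0.512822 29\n0.179438 1\n0.925494 1\n0.254477 1\n0.065499 1\n"
          "0.075037 1\n0.139497 1\n0.136499 1\n0.039944 35\n")
PROMPT = b"\x1b[0;32m[user@example-1 ~]\x1b[m "
LOG = (b"Script started on Fri 14 Sep 2012 12:46:27 PM CEST\n"
       + PROMPT + b"echo hi" + b"\r\nhi\r\n" + PROMPT)

def parse_start(name):
    """Parse the `date +%F-%Hh-%Mm-%Ss-%N` prefix (taken just before script starts)."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\d-\d\dh-\d\dm-\d\ds)-(\d{9})", name)
    base = datetime.strptime(m.group(1), "%Y-%m-%d-%Hh-%Mm-%Ss")
    return base + timedelta(microseconds=int(m.group(2)) // 1000)

def index_session(timing, log, start):
    """Return one (offset_seconds, wall_clock, chunk) tuple per timing line."""
    body = log.split(b"\n", 1)[1]  # scriptreplay also skips the header line
    events, pos, elapsed = [], 0, 0.0
    for line in timing.splitlines():
        delay, nbytes = line.split()
        elapsed += float(delay)    # each delay is relative to the previous chunk
        chunk = body[pos:pos + int(nbytes)]
        pos += int(nbytes)
        events.append((elapsed, start + timedelta(seconds=elapsed), chunk))
    if pos > len(body):            # timing promises bytes the log does not have
        raise ValueError("typescript is shorter than the timing file says")
    return events

def screen_at(events, t):
    """Everything written to the terminal up to t seconds in (a seek target)."""
    return b"".join(chunk for off, _, chunk in events if off <= t)

def first_seen(events, needle):
    """Wall-clock time at which `needle` was first completely on screen."""
    seen = b""
    for _, when, chunk in events:
        seen += chunk
        if needle in seen:
            return when
    return None

if __name__ == "__main__":
    ev = index_session(TIMING, LOG, parse_start(NAME))
    print("echo hi fully typed at", first_seen(ev, b"echo hi"))
    print("screen after 2.0 s:", screen_at(ev, 2.0))
```

Writing the result of `screen_at` to a terminal gives the state at that moment, and a pausing player only has to walk the same event list and stop between chunks.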

2 Answers

3

AFAIK, there are no tools that do both logging and visualization equally well.

rootsh and similar tools are a good fit for traditional logging. Since your question regards visualization as important, and you are simply logging yourself - that's what my response focuses on.

TTYRec is a terminal screen recording system. It simply acts as a pseudo-terminal between you and the application or shell.

Everything below supports ttyrec format, so in theory you should be able to mix and match to suit.

Terminal recording

  • ttyrec is a screen recorder (ie. logger) that has been around a long time. It can be easily instantiated at login to mimic how you're forking script from .bashrc.
  • shelr is a relatively young project that provides record, replay, and share. It's written in ruby. The web player mimics a traditional web video player (pause, seek forward/back). https://github.com/shelr
  • termrec, written in C, ttyrec alternative. Includes some interesting tools (proxyrec), and auto compresses recordings. Problems with non-80x24 terminal size.
  • ascii.io recorder written in python. A shelr type site and service, all open source.

Other Players

Other Software (incompatible format)

  • termdebug expands on ttyrec to support logging the input also.
h0tw1r3
1

Another approach would be to use GNU screen and tell your shell to tell screen where to log the output before each command. For instance, with zsh (after having started a screen session):

preexec() {
  ((cmd++))
  { 
    date +%F-%T
    print -r -- "$3"
  } > ~/logs/$cmd
  screen -X msgminwait 0
  screen -X log off
  screen -X logfile ~/logs/$cmd
  screen -X log on
  screen -X msgminwait 3
}

Then, in ~/logs, you have numbered files with commands and their output.

Stéphane Chazelas