How to capture the full command root logs from graylog server

bhagyaiah · December 29, 2022, 7:20am

how to capture the full command root logs from graylog server : for example when we run command with root login " lsmod | grep -i usb" - it is not showing logs with full command. showing lsmod only

tmacgbay · December 29, 2022, 7:35pm

Can you give some more detail on what and how you are pulling those logs? Are you talking about .bash_history? Are you using filebeat or nxlog to retrieve those? What OS are you using? CentOS, Ubuntu, FreeBSD?

** I moved your question to Graylog Central, where questions are asked…

bhagyaiah · January 2, 2023, 9:31am

Hi The OS is CentOS 7.9 and using rsyslod for collecting logs from server.

When I run any command like lsmod | grep -i usb —> it is not showing in graysys log events that I executed total command ( lsmod | grep -i usb) … It shows only lsmod

gsmith · January 2, 2023, 11:58pm

Hey @bhagyaiah

Not sure what you trying to do. Could you answer @tmacgbay questions?

tmacgbay · January 4, 2023, 2:03am

Your environment and what you are doing is a complete black box… you need to provide more information for us to help you. Here are some posts on how to give more details:

system · January 18, 2023, 2:04am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
History command line to graylog Graylog Central (peer support)	3	227	January 2, 2024
Syslog data collection for GrayLog Graylog Central (peer support)	10	3019	August 12, 2017
More general questions about how Graylog works Graylog Central (peer support)	11	718	June 27, 2022
Graylog getting partial logs Graylog Central (peer support)	2	127	March 28, 2024
Source shows hits but no messages shown Graylog Central (peer support)	5	508	July 28, 2022

How to capture the full command root logs from graylog server

Related Topics