@jdavidrcamacho
Last active December 12, 2025 14:17
Steps to perform to collect logs to the GA
# Install fluent-package v6 LTS. The vendor script is piped straight into a root shell; on anything other than a throwaway VM, download it first, read it, and only then run it:
sudo apt update
curl -fsSL https://fluentd.cdn.cncf.io/sh/install-ubuntu-noble-fluent-package6-lts.sh | sudo sh
# Make sure the service is up and running:
sudo systemctl enable --now fluentd
sudo systemctl status fluentd
# Replace the definitions at /etc/fluent/fluentd.conf with this config. It tails the command log line by line (no parsing, so each event carries the raw line as `message`), echoes every event to Fluentd's own log through the stdout store for debugging, and forwards it to 10.50.20.9:24224.
# The forward leg is plaintext with no authentication: outside a lab, add `transport tls` and a `<security>` block with a `shared_key` to the forward store, and drop the stdout store once forwarding works (it copies every command into the journal as well).
<system>
log_level info
</system>
<source>
@type tail
path /var/log/commands.log
pos_file /var/log/fluentd/commands.pos
tag shell_commands
<parse>
@type none
</parse>
read_from_head true
</source>
<match shell_commands>
@type copy
<store>
@type stdout
</store>
<store>
@type forward
<server>
host 10.50.20.9
port 24224
</server>
<buffer>
@type memory
flush_mode interval
flush_interval 1s
flush_thread_count 2
chunk_limit_size 256k
retry_forever true
retry_max_interval 5
</buffer>
</store>
</match>
# Then, in the terminal, create the log file and the pos-file directory:
sudo touch /var/log/commands.log
sudo mkdir -p /var/log/fluentd
# Hand the pos-file directory to the account the service runs as instead of chmod 777: a world-writable directory lets any local user replace the pos file and make Fluentd skip or replay entries. fluent-package runs as _fluentd; confirm with `systemctl show -p User,Group fluentd` and adjust if it differs:
sudo chown _fluentd:_fluentd /var/log/fluentd
sudo chmod 750 /var/log/fluentd
sudo chmod 644 /var/log/commands.log
# 644 is enough for Fluentd to read the log (users get write access in a later step). Restart and watch the service log:
sudo systemctl restart fluentd
sudo journalctl -u fluentd -f
# And in a new terminal:
echo "Hello world from a test VM" | sudo tee -a /var/log/commands.log
# Now, to record the commands themselves, edit /etc/bash.bashrc (sourced by every interactive bash shell). Be clear about what this gives you: the user's own shell writes the record, so it is an audit trail for cooperative users, not a tamper-proof one. Anyone can unset PROMPT_COMMAND, start a different shell, or exec a program directly, and scripts and non-interactive commands are never seen. For an enforced record, run auditd with execve rules alongside it.
sudo nano /etc/bash.bashrc
# Scroll to the bottom and paste this block:
# Command logger for Fluentd
if [ -n "$PS1" ] && [ -z "$BASH_COMMAND_LOGGER_SET" ]; then
  # Deliberately not exported: an exported guard would stop nested shells (a plain `bash`, a tmux/screen pane) from logging at all.
  BASH_COMMAND_LOGGER_SET=1
  shopt -s histappend
  export HISTTIMEFORMAT="%F %T "
  LOG_FILE="/var/log/commands.log"
  LOG_HOST="$(hostname)"
  LOG_IP="$(hostname -I 2>/dev/null | awk '{print $1}')"
  LOG_LAST_NUM=""
  LOG_PRIMED=""
  # Runs before every prompt. Each history entry is logged once, keyed on its history number, so an empty Enter
  # or a redrawn prompt does not repeat the previous command. HISTFILE is loaded after this file is read, so the
  # first prompt only records the number of the last entry loaded from it; without that, every new shell would
  # log the previous session's last command again.
  PROMPT_COMMAND='read -r LOG_NUM LAST_CMD <<< "$(HISTTIMEFORMAT= history 1)"; \
if [ -z "$LOG_PRIMED" ]; then LOG_PRIMED=1; LOG_LAST_NUM=$LOG_NUM; \
elif [ -n "$LOG_NUM" ] && [ "$LOG_NUM" != "$LOG_LAST_NUM" ]; then LOG_LAST_NUM=$LOG_NUM; \
printf "%s host=%q ip=%q user=%q tty=%q pwd=%q cmd=%q\n" "$(date --iso-8601=seconds)" "$LOG_HOST" "$LOG_IP" "$USER" "$(tty 2>/dev/null)" "$PWD" "$LAST_CMD" >> "$LOG_FILE"; fi; \
history -a'
fi
# Save and exit. Then let interactive users append to the log without making it world-writable (666 lets every local account forge or truncate other users' entries): create a group, add the users whose shells should log plus the Fluentd service account so it can still read, and make the file group-owned and 660.
sudo groupadd cmdlog
sudo usermod -aG cmdlog $USER
sudo usermod -aG cmdlog _fluentd
sudo chgrp cmdlog /var/log/commands.log
sudo chmod 660 /var/log/commands.log
ls -l /var/log/commands.log
# Not sure why, but I tried so many things and this seemed to have some effect.
# Optionally make the file append-only, so group members can add entries but not truncate or rewrite them (ext4 attribute; clear it with `chattr -a` before rotating the file):
sudo chattr +a /var/log/commands.log
# Fluentd only picks up its new group membership after a restart:
sudo systemctl restart fluentd
# Log out and log back in. Open a terminal and start typing; each command should now be appended to /var/log/commands.log (and, via the stdout store, show up in `journalctl -u fluentd`). Check with:
sudo tail -f /var/log/commands.log