Quick trick, I needed it to debug execution of remote nagios commands.
Just drop this file into /var/nagios/.bashrc
, assuming your local nagios
user is configured to use the /bin/bash
shell:
#!/bin/bash # # Log every command run by the nagios user # into /var/log/auth.log (at least on Debian and derivatives) # trap 'logger -p auth.info -t nagios "Running $BASH_COMMAND"' DEBUG
The trap
function executes a given command or list of commands when the list of signals specified as arguments are raised,
as in:
trap [COMMAND] [SIGNALS]
The DEBUG
signal is special: it will fire every time a command is executed. Using logger
ensures that whatever command the nagios user is trying to execute will be logged.
Last bit, how do you get the command text? It’s available in the $BASH_COMMAND
variable.
Here’s an extract of the resulting log information:
Mar 30 10:48:05 big1 nagios: Running /usr/lib/nagios/plugins/check_cpu -i 5 -w 90 -c 98 Mar 30 10:49:42 big1 nagios: Running /usr/lib/nagios/plugins/check_tcp -p 3306 Mar 30 10:49:42 big1 nagios: Running /var/nagios/libexec/check_load -w40,40,40 -c50,50,50 Mar 30 10:50:26 big1 nagios: Running /usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a /usr/sbin/cron Mar 30 10:50:44 big1 nagios: Running /usr/lib/nagios/plugins/check_disk -w 20 -c 10 -r "^/(ssd|store[1-3])?$" ...
To learn more about traps, here’s a web search on “bash traps”.