The Bash history feature is an invaluable details/ information which allows users to recall commands previously entered into their shell with relative ease. This makes it easy to enter repeated commands and keep track of what was done on a system.
By default, however, a user is unable to see when these commands were actually entered. When auditing a system, it can sometimes be useful to see this type of information, for example when trying to determine how and when a file may have gone missing on the file system. Since Bash version 3, however, you are able to enable time-stamping of entries for review later.
Applicable versions of Bash provide the environment variable HISTTIMEFORMAT which you can set for this purpose. Although it is empty by default, you can simple assign a time format string to enable time-stamping.
First run this command :
user@localhost :~$ history
53 vi /etc/fstab
54 umount /ebs
55 mount /ebs/local
user@localhost :~$ export HISTTIMEFORMAT="%F %T "
Again execute history command :
user@localhost:~$ history
53 2016–03–02 08:27:38 vi /etc/fstab
54 2016–03–02 08:27:38 umount /ebs
55 2016–03–02 08:27:38 mount /ebs/local
More help for set time format in date command manual page :
man date
Now you can Add it to your .bashrc end of the file so it’s always there.
user@localhost:~$ vi .bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.
export HISTTIMEFORMAT="%F %T "
By default, however, a user is unable to see when these commands were actually entered. When auditing a system, it can sometimes be useful to see this type of information, for example when trying to determine how and when a file may have gone missing on the file system. Since Bash version 3, however, you are able to enable time-stamping of entries for review later.
Applicable versions of Bash provide the environment variable HISTTIMEFORMAT which you can set for this purpose. Although it is empty by default, you can simple assign a time format string to enable time-stamping.
First run this command :
user@localhost :~$ history
53 vi /etc/fstab
54 umount /ebs
55 mount /ebs/local
Enable timestamp in history command
To enable time stamp on your bash history type following command on your terminal:user@localhost :~$ export HISTTIMEFORMAT="%F %T "
Again execute history command :
user@localhost:~$ history
53 2016–03–02 08:27:38 vi /etc/fstab
54 2016–03–02 08:27:38 umount /ebs
55 2016–03–02 08:27:38 mount /ebs/local
More help for set time format in date command manual page :
man date
Now you can Add it to your .bashrc end of the file so it’s always there.
user@localhost:~$ vi .bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.
export HISTTIMEFORMAT="%F %T "
