There is a /etc/profile.d/cmdlog.sh that content is:
function log2syslog {
declare COMMAND
COMMAND=$(fc -ln -0)
logger -p local2.notice -t cmdlog -- "${USER} ${PWD} [${COMMAND}]"
}
trap log2syslog DEBUG
There is a /etc/rsyslog.d/66-cmdaudit.conf that content is:
local2.notice -/var/log/cmdlog
After login_duo enable, It doesn't work anymore.
Is any way to back it work?