Get insights from your command history with a dockerized ELK stack.
- WARNINGS
- Requirements
- How to start
- How to stop
- How to resume
- How to upgrade
- Features
- Future works (TODO)
- Another data source
WARNINGS
- This software is currently in POC status.
  - Specifications are subject to change.
  - But it doesn't mess up your environment, because everything runs in docker. Please feel free to try it!
- Only minimal features are currently supported.
  - I am new to the ELK stack.
  - History files don't contain enough information to analyze (see "Another data source" below).
Requirements
- Install docker and docker-compose on your computer.
  - Linux
    - I'm sure that the linux guys know how to install docker, so I won't explain how to install docker here.
    - I tested against ubuntu 16.04 only, but it should work on current linux distributions.
  - macOS
brew cask install docker
- Set up a data source (currently zsh only)
  - Zsh history file
    - Add these minimal settings to your .zshrc.
    - The zsh history file does not log your command history precisely, so I strongly recommend you use another data source.
# Set the location of the history file to be tracked by logstash
# Currently it does not work with any other value
export HISTFILE="$HOME/.zsh_history"
# Extend the number of history entries saved to $HISTFILE so there is more to analyze
export SAVEHIST=1000000
# Extend the history format so the beginning time of each command
# is recorded as the datetime it was executed
# : <beginning time>:<elapsed seconds>;<command>
setopt extended_history
# Write out the command history immediately so the kibana dashboard updates promptly
setopt share_history
  - b4b4r07/zsh-history
    - Install b4b4r07/zsh-history
    - Add these minimal settings to your .zshrc.
# Set the location of the zsh-history db to be tracked by logstash
# Currently it does not work with any other value
export ZSH_HISTORY_FILE="$HOME/.zsh_history.db"
  - larkery/zsh-histdb
    - Install larkery/zsh-histdb
- Set your timezone
  - Add the timezone setting to your .zshrc.
# Change the containers' timezone so the command execution datetime
# is converted to UTC properly
# Change the value according to your timezone
export TZ='Asia/Tokyo'
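The extended_history format shown above (`: <beginning time>:<elapsed seconds>;<command>`) is what logstash has to pull apart from $HISTFILE. The following added example is not part of this repository: it is a small Python parser run over a constructed sample that re-joins the backslash-continued lines zsh writes for multi-line commands, converts the epoch straight to UTC, and falls back to an untimestamped record for lines written before extended_history was enabled, which is one of the reasons the history file is an imprecise data source.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# One extended_history entry: ": <beginning time>:<elapsed seconds>;<command>"
# DOTALL lets the command group span the newline of a re-joined multi-line entry.
ENTRY_RE = re.compile(r"^: (?P<ts>\d+):(?P<elapsed>\d+);(?P<cmd>.*)$", re.DOTALL)

# Constructed sample in the format zsh writes with extended_history enabled
# (not a real history file). zsh escapes a newline inside a command with a
# trailing backslash, so the quoted echo below spans two physical lines.
# The last line is what the file looks like before extended_history was set:
# no timestamp and no elapsed time.
SAMPLE_HISTORY = """\
: 1700000000:0;ls -la
: 1700000005:12;docker-compose up -d
: 1700000030:0;echo "one\\
two"
: 1700000042:3;git pull
cd /tmp
"""


def parse_history(text):
    """Yield one record per history entry: UTC time, elapsed seconds, command."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        # Re-join multi-line commands: a trailing backslash continues the entry.
        while line.endswith("\\") and i + 1 < len(lines):
            i += 1
            line = line[:-1] + "\n" + lines[i]
        i += 1
        m = ENTRY_RE.match(line)
        if m:
            # The epoch is timezone-independent, so it converts directly to UTC.
            ts = datetime.fromtimestamp(int(m["ts"]), tz=timezone.utc)
            yield {"time": ts.isoformat(), "elapsed": int(m["elapsed"]), "command": m["cmd"]}
        elif line.strip():
            # Plain entry written without extended_history: no timing available.
            yield {"time": None, "elapsed": None, "command": line}


def command_counts(entries):
    """Executions per command name (first word), the basis of the tag cloud."""
    return Counter(e["command"].split()[0] for e in entries if e["command"].strip())
```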
How to start
- Clone this repo to your computer, then cd into it.
$ git clone https://github.com/codequokka/shell-history-analyzer
$ cd shell-history-analyzer
- Boot the dockerized ELK stack.
$ docker-compose up -d
- Go into kibana and enjoy it!
  - If you access kibana too soon, you will see some errors in kibana.
  - In that case, please wait a few minutes until your shell histories have been sent to kibana.
How to stop
- Stop the ELK stack.
$ docker-compose stop
How to resume
- Start the ELK stack.
  - When you start it again, histories added while the ELK stack was stopped are also sent to kibana.
$ docker-compose start
How to upgrade
- Take the ELK stack down and remove its container images.
$ docker-compose down --rmi all
- Update the repository.
$ git pull
- Remove the logstash tracking files (they keep track of the current position in the monitored history files or DB).
  - Be careful not to delete your data source file! I recommend you use copy and paste.
# For zsh history file data source
$ rm ~/.zsh_history_sincedb
# For b4b4r07/zsh-history data source
$ rm ~/.zsh_history.db_last_run
# For larkery/zsh-histdb data source
$ rm ~/.histdb/.zsh-history.db_last_run
- Boot the dockerized ELK stack again.
$ docker-compose up -d
Features
- Basic statistics about your command history
  - Number of executions
  - Number of execution errors
  - Tag cloud of executions
  - Ratio of executions
  - Number of executions by dir
  - List of commands
  - Transition of executions
Future works (TODO)
- Update the dashboard continuously when shell history is added
- Another data source support
- Display command options in the dashboard
- Fish shell support
Another data source
- Shell history files are designed for reusing commands on the command line.
  - They do not log your command execution accurately.
  - They do not log context information (e.g. pwd, hostname, etc).
- Other data sources are required to analyze more.
  - I am examining the following data sources and will support them in a future release.