Automatic session logging and monitoring with GNU screen for the paranoid.

Yes its been a while since I have checked in. Sorry I’ve just been too busy. But I have a great tip this time. Recently I had the need to do automatic session logging. A 3rd party was going to be logging into one of my servers to check out some software glitches that were happening. I love using GNU Screen for many shell tasks so using it for monitoring was logical. Screen is great for several reasons. First you can detach from it so you can leave the office, go home and re-attach and not have lost your place. Second, you can share another screen. It can be shared input or you can just watch what someone else is doing. Finally screen can do native logging. I wanted to automattically launch a screen session when somone logged in so if I happened to be on the server I could monitor them in real time. I also wanted a log of the session in case I wanted to look over it later or if I was not able to monitor the session live.


I ended up adding the following to my .bashrc

# -- if $STARTED_SCREEN is set, don't try it again, to avoid looping
# if screen fails for some reason.
if [[ "$PS1" &&; "${STARTED_SCREEN:-No}" = No && "${SSH_TTY:-No}" != No ]]; then
STARTED_SCREEN=1 ; export STARTED_SCREEN
if [ -d $HOME/log/screen-logs ]; then
sleep 1
screen -RR && exit 0
echo "Screen failed! continuing with normal bash startup"
else
mkdir -p $HOME/log/screen-logs
fi
# [end of auto-screen snippet]

Lets go through that …..

if [[ "$PS1" && "${STARTED_SCREEN:-No}" = No && "${SSH_TTY:-No}" != No ]]

If I have some title at my terminal and if STARTED_SCREEN is set and non-null, (expands to $STARTED_SCREEN. Otherwise, expands to No.) and if SSH_TTY is set and not null, then we can attempt to create the screen.
$SSH_TTY is set when you ssh in, it should not be tripped by scp or sftp logins either.

then
STARTED_SCREEN=1 ; export STARTED_SCREEN

Here STARTED_SCREEN is set so that we dont loop on login creating a ton of screens.

if [ -d $HOME/log/screen-logs ]; then

if the directory is present

#sleep 1
screen -RR && exit 0
# normally, execution of this rc script ends here...
echo "Screen failed! continuing with normal bash startup"

Attempt to reattach any unattached screens. If there are no screens to be attached then make one and attach to it.

And I added the following to my .screenrc

# support color X terminals
termcap xterm 'XT:AF=\E[3%dm:AB=\E[4%dm:AX'
terminfo xterm 'XT:AF=\E[3%p1%dm:AB=\E[4%p1%dm:AX'
termcapinfo xterm 'XT:AF=\E[3%p1%dm:AB=\E[4%p1%dm:AX:hs:ts=\E]2;:fs=\007:ds=\E]2;screen\007'
termcap xtermc 'XT:AF=\E[3%dm:AB=\E[4%dm:AX'
terminfo xtermc 'XT:AF=\E[3%p1%dm:AB=\E[4%p1%dm:AX'
termcapinfo xtermc 'XT:AF=\E[3%p1%dm:AB=\E[4%p1%dm:AX:hs:ts=\E]2;:fs=\007:ds=\E]2;screen\007'

# detach on hangup
autodetach on
# no startup msg
startup_message off
# always use a login shell
shell -$SHELL

# auto-log
logfile $HOME/log/screen-logs/%Y%m%d-%n.log
deflog on

Most of this is self explanatory the log file for auto logging and deflog on are what give you your fun logs to look over later.

You might also want to do some logrotate on the logs or some script to expire logs that are x days old. If you forget about them over time they may try to eat your file system.

Note: I picked this up somewhere else a while back i just don’t remember exactly where. I modified it slightly to make it more readable but the credit goes to the original author. I think it was http://taint.org/wk/RemoteLoginAutoScreen.

13 Comments

  • […] post on Automatic session logging and monitoring with GNU screen seems to have been well received. I have had more hits by far on that post today than ever before. […]

  • […] Complete article is available here: Automatic session logging and monitoring with GNU screen for the paranoid. […]

  • […] can I access the same session everywhere I go, it’ll be logged in one place.I used directions here. Well, I actually just added this to my […]

  • Wow… this article is from 2007 and not one comment some minor problems in the code above…

    First of, on the first line,

    if [[ “$PS1” &&; “${STARTED_SCREEN:-No}” = No && “${SSH_TTY:-No}” != No ]]; then

    It has a ; after the &&.

    Second it’s missing a closing fi tag.

  • I think the code has been botched from some wordpress changes. I can email you the file if you like. Ill try to put it on my list of thigs to fix.

  • Hmm… I’m having a problem with it.

    I got the script to work and to connect on login either to the existing screen session or to create a new one.

    Now, if I type ‘exit’ on the terminal, it’ll just exit and won’t create the log file.

    I have to hit, Ctrl+a H so the log file is written and then I can exit the session and have everything until Ctrl+a H recorded.

    The problem with this is that I have to remember to hit Ctrl+a H everytime I close a screen window…

    Have you figured this out?

  • If you still have the code, that would actually be awesome.

  • I don’t recall having that probelm. Honestly its been since 2007 since I have used that :). I haven’t needed it since. I still use the automatic screen attach part but I disabled the logging long ago.

    I haven’t needed the logging stuff in a while. I think the last time I needed logging stuff I used script so I could use scriptreplay.

  • I will see what I can find

  • “Hon­estly its been since 2007 since I have used that :).”

    Maybe new functionalities or something in Screen changed? Hehe I probably wouldn’t remember either.

    Also, thanks for even looking. I also hadn’t heard of scriptreplay… I’ll Google that too and see what I can find.

    Thanks,
    -Rubén

  • They added a new argument that you can use

    man screen

    “-L tells screen to turn on automatic output logging for the windows.”

  • apinhal Linux Google Chrome 23.0.1271.64 wrote:

    Thanks!

  • loadedmind Mac OS X Firefox 21.0 wrote:

    To the author: thanks for posting such a useful solution. Please consider wrapping your code in the proper tags if the extra characters, i.e. semi-colon are resolved as well as adding the extra fi closing if statement. Folks should know better if scripting for any length of time, but you really need to ensure your script is free of “bugs” when presenting to general audience.

Leave a Reply

Your email is never shared.Required fields are marked *

To submit your comment, click the image below where it asks you to...
Clickcha - The One-Click Captcha