Capture / log shell input for auditing purposes

We would like to keep a log of what is being entered by a developer connected to iex shell of an app running in production. Is there a way to capture all user input in a iex shell?

For context, we’re considering adding auditing capabilities to our application, specifically when a developer connects to a running node, and execute remote_console on the running app. We are not looking to prevent developer from doing things, but rather logging everything what was entered.

A kindergarten question: does this sounds too insane to do? :sweat_smile: Or would doing so can potentially be prohibitively complicated?

Do you already have Erlang’s shell history enabled? If not you can enable it and it will keep a history log similar to bash etc.

On Linux or Mac just add this line to ~/.profile or ~/.bashrc etc.:

# Erlang/Elixir repl history - requires OTP 20
export ERL_AFLAGS="-kernel shell_history enabled"

On Linux the history files are kept here: ~/.cache/erlang-history

That won’t do for what @gmile is trying to achieve.

Unfortunately AFAIK there is no mechanism that would allow for logging all actions that happen through remsh. In theory it could be done by implementation of custom distribution module, however it will be not an easy task.

Nope, but due to nature or Erlang and remsh it will be pretty hard to do. However it may be very interesting endeavour that may be very helpful for the community.