Hello, new user here. I am the "administrator" for a few SCO Unix servers here, but do not have much Unix administration experience other than some basic stuff (don't ask).

Anyway, I have been charged with finding a way to log all users commands for auditing purposes. This includes root. The log file should contain the command that was run, the user that invoked it, and the date and time of execution. Other data may be useful, but is not required. This log file should not be accessible by any users other than root, or they could obviously edit the file if they did something "bad".

I've looked at syslog and don't think it will give me what I need. I've also looked at pacct, but not sure if that works either. Maybe it's a setup issue? I have read through several man pages (syslog, syslogd, syslog.conf, pacct, etc) as well as a few printouts from various sites, but nothing looks like what I'm searching for. I've tried the search here as well and found that pacct seems the closest, but I'm not so sure.

We use Windows boxes running Reflections to telnet into the Unix boxes. Our Corporate office has decreed that we use a script that does log all user commands. To even use this script, we have to set up Reflection icons that will automatically enter the user into this script and then hide the ability to change the settings of the Reflection configuration. The logs from this script are editable (just hidden) and there are too many back-doors (rlogin/ftp/telnet/etc) to bypass it. Too much of a rigamarole for something that really does not work. As I see it, we need OS level logging.

If anyone can point me in the right direction, I would be eternally grateful.

Thanks in advance!

Do some reading on different shells. Many supply a .sh_history for each user which might be a good start for you. Apart from homegrowing your solution, I am sure there are products out there I just don't shop for them

Sorry, I forgot to say we use the bash shell. I just figured there would be something built-in to the O/S that would do what we are seeking since Unix was designed as a multi-user O/S and all. I have no idea really where to start. We do have the history, but it doesn't have data/time of the executed command, nor who ran it.