From owner-freebsd-questions@FreeBSD.ORG  Mon Jun 19 01:24:21 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A6CFA16A474
	for <freebsd-questions@freebsd.org>;
	Mon, 19 Jun 2006 01:24:21 +0000 (UTC)
	(envelope-from dscheidt@panix.com)
Received: from mail3.panix.com (mail3.panix.com [166.84.1.74])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5FBF743D46
	for <freebsd-questions@freebsd.org>;
	Mon, 19 Jun 2006 01:24:21 +0000 (GMT)
	(envelope-from dscheidt@panix.com)
Received: from panix5.panix.com (panix5.panix.com [166.84.1.5])
	by mail3.panix.com (Postfix) with ESMTP id 65E2113A8C2;
	Sun, 18 Jun 2006 21:24:20 -0400 (EDT)
Received: (from dscheidt@localhost)
	by panix5.panix.com (8.11.6p3/8.8.8/PanixN1.1) id k5J1OKe09198;
	Sun, 18 Jun 2006 21:24:20 -0400 (EDT)
Date: Sun, 18 Jun 2006 21:24:20 -0400
From: David Scheidt <dscheidt@panix.com>
To: Lawrence Horvath <lordsporkton@gmail.com>
Message-ID: <20060619012420.GA20345@panix.com>
References: <a1bf75ae0606181806j11a37al719f745c7b43674c@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <a1bf75ae0606181806j11a37al719f745c7b43674c@mail.gmail.com>
User-Agent: Mutt/1.5.10i
Cc: freebsd-questions@freebsd.org
Subject: Re: syslog all commands
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jun 2006 01:24:21 -0000

On Sun, Jun 18, 2006 at 06:06:45PM -0700, Lawrence Horvath wrote:
> Date: Sun, 18 Jun 2006 18:06:45 -0700
> From: Lawrence Horvath <lordsporkton@gmail.com>
> To: freebsd-questions@freebsd.org
> Subject: syslog all commands
> 
> Im looking for a way to syslog all commands run my a group of users, i
> was looking at the authpriv.debug but it doesn't log _every_ command,
> is there anyother way to syslog all the commands run by a user?
> 

Is process accounting good enough?  It'll record the name of the
commands run by all users, what terminal they were run from, how much
cpu time they used, and start and stop times.  

See the man pages for acct(5) and lastcomm(1).  It's turned on by
setting accounting_enable="YES" in /etc/rc.conf, and running
/etc/rc.d/accounting start

David