[logs] Unix privileged access logging

Paul Melson pmelson at gmail.com
Thu May 17 06:40:30 PDT 2007


> One of the items I am struggling with right now is logging Unix privileged
> commands (add/deletes/etc).
> On some flavors of Unix administrative actions are available via menus as
> well as the command line.
> The command menus provide no method for syslog integration and the menus
> provide a convenient tool for staff. The native audit subsystem produces
> such a large volume of data, parsing said data is not practical. Although
> sudo logs all administrative access, it seems many admins lack the
> discipline to use sudo on a routine basis other than to sudo su -.
> Are there any tool recommendations?

I think your best bet is to log shell commands for the root user to syslog.
Check out:

http://blogs.sun.com/chrisg/entry/logging_commands_in_korn_shell


PaulM
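An added example of the approach Paul recommends, written for this page rather than taken from the thread or the linked Sun blog post (which covers the Korn shell; this one uses bash's DEBUG trap). It builds one syslog record per command, ships it to the authpriv facility, and preserves the real login behind a "sudo su -" via SUDO_USER. The function names audit_format, audit_ship, audit_hook and audit_install are this example's own. Because the trap lives in root's own shell, root can disarm it; its value is as an accountability trail forwarded to a central syslog host the admin cannot edit, not as a tamper-proof control, which remains the job of sudo logging and the kernel audit subsystem.

```shell
#!/bin/sh
# Added example (not from the original thread): push each interactive root
# shell command to syslog so "sudo su -" sessions still leave a per-command
# trail. Function names here are this example's own.

# Build one syslog record. Arguments: login user, effective uid, tty, cwd,
# command line. Newlines and tabs in the command are collapsed to spaces so a
# multi-line command cannot inject a second, forged record into the log.
audit_format() {
    cmd=$(printf '%s' "$5" | tr '\n\t' '  ')
    printf 'user=%s euid=%s tty=%s cwd=%s cmd=%s' "$1" "$2" "$3" "$4" "$cmd"
}

# Send a record to the local syslog daemon. authpriv keeps it out of the
# general messages file and is what syslog.conf typically forwards to a
# central collector that the root user cannot edit.
audit_ship() {
    logger -p authpriv.notice -t shell-audit "$1"
}

# bash hook: runs before each simple command once installed as a DEBUG trap.
# SUDO_USER preserves the real person behind "sudo su -"; $BASH_COMMAND is the
# command about to execute.
audit_hook() {
    audit_ship "$(audit_format "${SUDO_USER:-${LOGNAME:-$(id -un)}}" "$(id -u)" \
        "$(tty 2>/dev/null || echo notty)" "$PWD" "$BASH_COMMAND")"
}

# Source this file from /root/.bashrc and call audit_install to arm the trap.
# Only bash provides $BASH_COMMAND; other shells refuse installation.
audit_install() {
    [ -n "$BASH_VERSION" ] || return 1
    trap audit_hook DEBUG
}
```

Once armed, every command typed in the root shell appears in the authpriv log as a single line such as `shell-audit: user=alice euid=0 tty=pts/0 cwd=/etc cmd=useradd -m bob`, which is easy to grep or forward, unlike the full audit-subsystem stream the original poster found impractical to parse.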


