Full Command Logging?

I am looking for a really good command logging tool to improve the auditing of my servers. I have previously used snoopy, but this is currently a bit flaky and causing serious problems for me. It doesn't look like it's been maintained since 2004, and it didn't even want to compile until I added -fPIC, but it's causing segmentation faults and just ruins my test systems, eventually causing all or nearly all commands to segfault. I've tried the process account tools, but they log only the command basename, no args and no shell built-ins either (although even snoopy doesn't get that last one, but I could live without it if I had to). Shell history files are not security, they are just convenience, so they don't fit either (unless we find a way of capturing all shell history straight into syslog...). So I'm looking for something else that I can deploy among my servers to fully audit any commands entered and log them via syslog. Does anyone have any recommendations for a good, thorough command logger, capturing args as well?

I made some updates to snoopy, including command argument handling, fixing its bugs, and a more flexible configuration (filtering out uninteresting commands, such as crond children, etc.), but the authors haven't responded. It relies on any system that allows LD_PRELOAD and supports SysV semaphores. If you are interested, I will send you my version, and you can help me remove any other bugs. :) Send me a PM with your email address.
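
The LD_PRELOAD mechanism mentioned in the reply, reduced to its core as an added example (this is not snoopy's code and not the poster's patched version): a shared object that interposes `execve()` and writes the full argument vector to syslog. The names `cmdlog` and `format_argv` are hypothetical, and Linux with glibc is assumed.

```c
/* cmdlog.c - added illustration, not snoopy's source.
 * Build: gcc -shared -fPIC -o cmdlog.so cmdlog.c
 * Use:   LD_PRELOAD=/path/to/cmdlog.so bash  (or list it in /etc/ld.so.preload) */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Join argv into buf as one space-separated line. Control characters become
 * '?' so an argument containing a newline cannot forge extra log lines.
 * Always NUL-terminates, truncates if needed, returns bytes written. */
size_t format_argv(char *const argv[], char *buf, size_t len)
{
    size_t n = 0;
    if (len == 0)
        return 0;
    for (int i = 0; argv && argv[i]; i++) {
        if (i > 0 && n + 1 < len)
            buf[n++] = ' ';
        for (const char *p = argv[i]; *p && n + 1 < len; p++) {
            unsigned char c = (unsigned char)*p;
            buf[n++] = (c < 0x20 || c == 0x7f) ? '?' : (char)c;
        }
    }
    buf[n] = '\0';
    return n;
}

/* Interposed execve(): log path and arguments, then hand off to the kernel. */
int execve(const char *path, char *const argv[], char *const envp[])
{
    char args[1024], prog[256];
    char *const pv[] = { (char *)path, NULL };

    format_argv(pv, prog, sizeof prog);   /* sanitise the path as well */
    format_argv(argv, args, sizeof args);
    openlog("cmdlog", LOG_PID, LOG_AUTHPRIV);
    syslog(LOG_INFO, "uid=%d path=%s argv=%s", (int)getuid(), prog, args);
    closelog();
    /* Raw syscall (Linux assumption) so the wrapper never re-enters itself. */
    return (int)syscall(SYS_execve, path, argv, envp);
}
```

A preload hook only sees dynamically linked programs that call `execve()` through libc; statically linked binaries bypass it, and a user who controls their own environment can unset `LD_PRELOAD`, so the log is an audit aid rather than a tamper-proof record.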