Capturing commands executed by user

bhaven.haria · September 30, 2006, 3:48am

Hello Unix Champs,

For keeping audit trail, I want to log the commands entered by the normal users, on their terminal into a text file.

I tried putting a "script -a username.timestamp.txt" in the user profile file, but script command stops execution when user types exit or presses CTRL+D during his session and shows him message "Scripting Done". Obviously, All commands typed by user after this message, will not be logged in the log file.

My queries:
1) Can I control the execution of the script program in such a way that whenever user types "exit", he will exit from the system?
2) Is there any other way by which I can capture what commands user types ?

Thanks,
Bhaven

ghostdog74 · September 30, 2006, 4:29am

what unix platform are you in?

bhaven.haria · September 30, 2006, 7:20am

Ohh!! Forgot to mention; It is:
1) RedHat Linux Enterprise AS 3.3
2) Solaris 9

ghostdog74 · September 30, 2006, 9:46am

The best way to capture user commands, is to turn on auditing.
in Solaris, you can turn on BSM. In red hat , there should be similar mechanism (auditd). pls check your red hat documentation.
script is not the "correct" tool to use