Hello all,
I need to find, what time a particular command was run in one of our AIX box. In our environment, we use 'powerbroker' to login as root and there are so many people who use this. I tried history command, which shown me similar to below:
406 ls -l | *user*
407 ls -l *user*
408 ls -l | more
409 ls -l *su*
410 ls -l wtmp
411 ls -l *wtmp*
412 ls -l *tmp*
Can somebody help me on this..?
Current AIX versions can write timestamps in the history. Add
export EXTENDED_HISTORY=ON
to the server's /etc/profile.
Letting all users login as root leaves you with no opportunity to find out who did what. Knowing when what command was used might not be sufficient to identify who worked on the server at the time in question. If you installed Powerbroker for that reason and the tool cannot deliver this information it is crap. If Powerbrocker can do that but was not configured properly this would be bad administration. In the first case dump Powerbroker in the second case you might fire the Powerbroker administrator.