Writing the script

I want to write a script for monitoring my servers for night-active users.
It must log all user actions: when a user logs in, when they log out, when they do su, etc.
But I don't know where to begin :( Which commands can I use? awk, sed, last?
And which logs can I use? /var/log/messages, /var/log/secure =\

How is this command going to run? Will it run every few minutes or so? Or will you run it every morning to check who logged in and did su and such through the night?

If the second one, then I suggest using 'last' to check for user login/logout and using /var/adm/sulog for the details of who did su and such. In either case, you will have to write in the logic that prevents the script from reporting already reported information, i.e. you will have to count how many lines the sulog has when the script ends and then start processing from the next line when the script runs the next time.
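The line-count bookkeeping suggested above, as an added example that is not part of either post: it reports only sulog lines that appeared since the previous run and starts over if the log was rotated. The state-file location, the 22:00-05:59 night window and the sample records are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: the state-file path, the
# 22:00-05:59 night window, and the classic sulog line layout
#   SU MM/DD HH:MM +|- tty fromuser-touser

# new_lines LOG STATE
# Print the lines appended to LOG since the previous call and save the
# current line count in STATE, so nothing is reported twice.
new_lines() {
    log=$1
    state=$2
    [ -r "$log" ] || return 0
    total=$(awk 'END { print NR }' "$log")
    seen=0
    if [ -r "$state" ]; then
        seen=$(cat "$state")
    fi
    # Treat a missing or corrupt counter as "nothing seen yet".
    case $seen in
        ''|*[!0-9]*) seen=0 ;;
    esac
    # Fewer lines than last time means the log was rotated or truncated.
    if [ "$total" -lt "$seen" ]; then
        seen=0
    fi
    # Stop at $total so lines written while we run are left for next time.
    awk -v s="$seen" -v t="$total" 'NR > s && NR <= t' "$log"
    echo "$total" > "$state"
}

# night_su: keep only su records whose hour falls in the night window.
night_su() {
    awk '$1 == "SU" { h = substr($3, 1, 2) + 0; if (h >= 22 || h < 6) print }'
}

# Demo on constructed sample records (not real log data).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'SU 03/14 23:41 + pts/2 alice-root' \
                  'SU 03/15 10:05 + pts/0 bob-root' > "$dir/sulog"
    echo "first run:";  new_lines "$dir/sulog" "$dir/state" | night_su
    printf '%s\n' 'SU 03/16 02:17 - pts/3 carol-root' >> "$dir/sulog"
    echo "second run:"; new_lines "$dir/sulog" "$dir/state" | night_su
    rm -rf "$dir"
}

demo
```

A line count alone cannot tell when a rotated log has already grown past the saved count; storing the file's inode next to the count closes that gap.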