Log command line interface

[SagaciousKJB]

Is there a way to save the commands made at the command line interface into a more manageable log file than the "history" database or bash's history log? I'm looking for something that will hold commands for a very long time ( months perhaps ) and of course it needs to show which users were entering which commands, maybe a different log file for each user.

I need this a little bit for auditing, but I also need it because I'm often entering commands or small scripts that I need later but can't remember, and go back too far to be found by "history" or my bash log.

I know there must be something like what I need, beacuse I've talked to sys admins that look at the logs of the command their users entered. So maybe if someone is experienced in that area they can tell me where I can look.

Thanks.

[vickey_20]

The commands executed by a user are stored in ~/.bash_history file. This file is present in the home dirctory of every user. The commands executed by the user get appended in the above file when the used exists or logouts from the shell. This file may not be useful for monitoring the commands history as it is purely under the control of the user, so some modifications are required.
Step 1) Make the .bash_history owned by root

Code:

chown root .bash_history

step 2) change the group of the file to the user primary group i.e name of the user

Code:

chgrp vickey .bash_history

step 3) Add rw permission to the grp name

Code:

chmod +rw .bash_history

step 4) Make the file undeletable and set append only mode

Code:

chattr +au .bash_history

Now the user can only append the information when he/she executes the command. As the owner has been changed (+au) the file can not be deleted by the user.
However there is still a security hole here, if the user set the variable

Code:

HISTSIZE=0

The commands executed will not be appended into this file anymore