Auditing - Logging all commands and arguments
I want to increase my security and auditing on some systems by adding full logging of every command and all arguments to every command that is typed on any shell used on the system.
I have used sa before; this only logs the command program, not the arguments, which makes all the difference. Also, I'm not sure it will catch shell built-ins or people truncating files like so: "> filename".
I have used snoopy before, which I liked and which seemed to work quite well, although it does not seem to have been supported since 2004, looking at the SourceForge site. Since this uses execve, I'm not sure this will catch shell built-ins either, in fact, nor am I sure about packages/maintainability of doing this, but then considering it has not been updated in 3.5 years I doubt updates will be a problem... (of course this raises issues about security or bugs discovered in it if not maintained).
I've also found sudosh on Google, but this seems to be an imperfect approach since it requires giving people an alternate shell through sudo. What happens when logging all commands but one command is just "bash" and everything inside that command is a black box?
Ideally I'd like whatever auditing solution I implement to be shell neutral.
Sudo itself is completely inadequate because people "sudo su" and it would be difficult, if not impossible, to grant people access to only specific commands.
So what do you use for complete command auditing/logging?