<div dir="ltr"> >Is there a tool or a way of keeping track of which commands user's are<br> >executing on a system?<br><br>There is a .bash_history file in user's home folders. It contains all commands executed by this user.<br><br><div class="gmail_quote">On Wed, Jul 16, 2008 at 7:22 PM, A. Khattri <<a href="mailto:ajai@bway.net">ajai@bway.net</a>> wrote:<br> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">On Wed, 16 Jul 2008, Richard Marzan wrote:<br> <br> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> I understand that history files can be wiped out<br> and they don't really contain the time at which a command and it's<br> arguments were run so I refrain from relying on it.<br> </blockquote> <br></div> On traditional UNIX systems, system accounting logs (usually called acct) can be read via the lastcomm command. Im guessing that the sys-process/acct ebuild will give you those commands.<br> <br> NOTE: You will also need kernel support for process/login accounting - look for "process accounting" in your kernel config and make sure it is switched on. (Natrually, you will need to rebuild your kernel / modules if it isn't switched on and reboot to activate it).<br> <br> <br> UPDATE: I just checked one of my kernels and the config option is called "BSD-style process accouting" - it lives in General Setup when configuring a kernel.<br><font color="#888888"> <br> <br> -- <br></font><div><div></div><div class="Wj3C7c"> A<br> -- <br> <a href="mailto:gentoo-user@lists.gentoo.org" target="_blank">gentoo-user@lists.gentoo.org</a> mailing list<br> <br> </div></div></blockquote></div><br></div>