Recently we got a requirement to log every command executed by users on our servers. A quick search turned up a tool built specifically for this purpose.
The tool is "Snoopy", an open source project whose short but sufficient documentation lives on its GitHub page:
All installation and configuration instructions are in the GitHub README.
We chose Snoopy because it is very lightweight and built for exactly one job: logging every command a user executes. It consists of a single small shared library that is preloaded into every process (via /etc/ld.so.preload) and hooks the execve() family of calls, writing one log line per execution. That design also sets its limits: statically linked binaries and processes started without the preload are not seen, and a user who gains root can disable it on the host, so the logs should be shipped off the machine promptly. With it you can:
1). Log every command executed by any user, together with its arguments
2). Control the format of the log lines to suit your requirements through a simple configuration file
3). Send the logs to a central logging server and parse them there for useful information, for example to list all sudo commands executed by a given user.
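The parsing step in point 3, as an added example that is not part of the original post or of the Snoopy project: it reads syslog lines in the Snoopy 2.x default message format (assumed here; check the message_format in your own /etc/snoopy.ini), groups sudo invocations per uid, and flags the ones that hand the caller an interactive root shell. The log lines are constructed for the example, not real captures; the helper names (parse_log, sudo_by_uid, shell_escalations) are my own.

```python
"""Parse Snoopy log lines and pull out sudo activity per user.

Added example, not code from the original post or from the Snoopy project.
Assumes the Snoopy 2.x default message_format (check your /etc/snoopy.ini):
  [uid:%{uid} sid:%{sid} tty:%{tty} cwd:%{cwd} filename:%{filename}]: %{cmdline}
as it appears in syslog: "<timestamp> <host> snoopy[<pid>]: <message>"
"""
import re
import shlex
from collections import defaultdict

SNOOPY_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"snoopy\[(?P<pid>\d+)\]: "
    r"\[uid:(?P<uid>\d+) sid:(?P<sid>\d+) tty:(?P<tty>\S+) cwd:(?P<cwd>\S+) "
    r"filename:(?P<filename>\S+)\]: (?P<cmdline>.*)$"
)

# Constructed sample lines, not real captures. Note that one "sudo apt-get
# update" yields two entries: the sudo exec under the caller's uid, then the
# apt-get exec that sudo performs as uid 0.
SAMPLE_LOG = """\
Mar 15 11:17:14 web01 snoopy[2211]: [uid:1000 sid:2190 tty:/dev/pts/1 cwd:/home/alice filename:/usr/bin/ls]: ls -la
Mar 15 11:17:20 web01 snoopy[2215]: [uid:1000 sid:2190 tty:/dev/pts/1 cwd:/home/alice filename:/usr/bin/sudo]: sudo apt-get update
Mar 15 11:18:02 web01 snoopy[2230]: [uid:0 sid:2190 tty:/dev/pts/1 cwd:/home/alice filename:/usr/bin/apt-get]: apt-get update
Mar 15 11:19:45 web01 snoopy[2301]: [uid:1001 sid:2290 tty:/dev/pts/2 cwd:/home/bob filename:/usr/bin/sudo]: sudo -u postgres psql
Mar 15 11:20:10 web01 snoopy[2310]: [uid:1001 sid:2290 tty:/dev/pts/2 cwd:/home/bob filename:/usr/bin/sudo]: sudo bash
Mar 15 11:21:00 web01 snoopy[2320]: [uid:1001 sid:2290 tty:(none) cwd:/home/bob filename:/bin/sh]: sh -c /tmp/x.sh
"""

# sudo options and target commands that hand the caller an interactive shell
SHELL_FLAGS = {"-i", "-s"}
SHELL_BINS = {"bash", "sh", "dash", "zsh", "su"}
OPTS_WITH_VALUE = {"-u", "-g"}  # sudo options whose next word is a value, not the command


def parse_line(line):
    """Return a dict of fields for one syslog line, or None if it is not a Snoopy line."""
    m = SNOOPY_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    for key in ("pid", "uid", "sid"):
        entry[key] = int(entry[key])
    return entry


def parse_log(text):
    """Parse all lines; lines that do not match are skipped, not raised on."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def is_sudo(entry):
    """Decide on the path that was exec'd, not on the command-line text, so
    that 'echo sudo' or a script that merely mentions sudo is not counted."""
    return entry["filename"].rsplit("/", 1)[-1] == "sudo"


def grants_shell(entry):
    """True if this sudo invocation opens a shell as the target user
    (sudo -i, sudo -s, sudo bash, sudo su, ...)."""
    try:
        argv = shlex.split(entry["cmdline"])
    except ValueError:  # unbalanced quotes in the logged cmdline
        argv = entry["cmdline"].split()
    args = argv[1:]
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in SHELL_FLAGS:
            return True
        if arg in OPTS_WITH_VALUE:  # skip the option and its value
            i += 2
            continue
        if arg.startswith("-"):
            i += 1
            continue
        # first non-option word is the command sudo will run
        return arg.rsplit("/", 1)[-1] in SHELL_BINS
    return False


def sudo_by_uid(entries):
    """Map uid -> list of sudo command lines, in log order."""
    result = defaultdict(list)
    for e in entries:
        if is_sudo(e):
            result[e["uid"]].append(e["cmdline"])
    return dict(result)


def shell_escalations(entries):
    """Sudo invocations that gave the caller a shell; worth alerting on."""
    return [e for e in entries if is_sudo(e) and grants_shell(e)]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for uid, cmds in sorted(sudo_by_uid(entries).items()):
        print(f"uid {uid}: {len(cmds)} sudo invocation(s)")
        for cmd in cmds:
            print("    ", cmd)
    for e in shell_escalations(entries):
        print(f"root shell via sudo: uid={e['uid']} tty={e['tty']} cmd={e['cmdline']}")
```

Two points to carry over to a real deployment: the regex relies on cwd and filename containing no spaces, which the default format does not guarantee, so either accept the occasional skipped line or switch to a message_format with an unambiguous separator; and the default format logs only the numeric uid, so map it to a login name on the central server or add %{username} or %{login} to the format on the hosts.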
Snoopy makes an admin's work easier by providing a record of every command, with its arguments, executed by any user. It ships with a configuration file, /etc/snoopy.ini, in which you control how each log line is built and which pieces of information it carries.
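An example /etc/snoopy.ini, added here and not taken from the original post or from the Snoopy project: it replaces the stock message format with one that records the login name and the SSH source, shows the filter that must stay off if sudo tracking is the goal, and routes the lines to syslog for forwarding. The option names and %{...} placeholders follow the Snoopy 2.x README as I know it; verify them against the README of the version you actually install.

```ini
; /etc/snoopy.ini -- added example configuration, not the post's own and not
; copied from the Snoopy project. Option names and %{...} placeholders follow
; the Snoopy 2.x README as I know it; check them against your installed version.
[snoopy]

; Stock format, kept here for comparison:
;message_format = "[uid:%{uid} sid:%{sid} tty:%{tty} cwd:%{cwd} filename:%{filename}]: %{cmdline}"

; Richer format: add the login name and the SSH source address so a sudo
; entry can be tied to a person and an origin, not just to a numeric uid.
; %{env:SSH_CLIENT} is simply empty for local (console) logins.
message_format = "[login:%{login} uid:%{uid} sid:%{sid} tty:%{tty} ssh:(%{env:SSH_CLIENT}) cwd:%{cwd} filename:%{filename}]: %{cmdline}"

; Tempting for noise reduction, but wrong for this use case: dropping uid 0
; also discards the commands sudo actually runs on the user's behalf.
;filter_chain = "exclude_uid:0"

; Write to syslog under authpriv, where sudo's own records typically land, so
; the lines follow the same forwarding rules to the central log server.
output = syslog
syslog_facility = LOG_AUTHPRIV
syslog_ident = snoopy
syslog_level = LOG_INFO

; Snoopy's own errors are silent unless asked for; set to "yes" while testing
; a new format, then back to "no".
error_logging = no
```

Whatever format you settle on, keep %{cmdline} as the last field so spaces inside the command cannot shift the earlier fields, and change the parser on the central server in the same commit as the format. After editing the file, run any command in a fresh shell and confirm a snoopy line appears at the authpriv destination (typically /var/log/auth.log on Debian-based and /var/log/secure on RHEL-based systems).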
Automating Snoopy installation/configuration:
To make installation and configuration repeatable we are writing a Puppet module and an Ansible role for Snoopy, which we will publish soon.
We will also show a worked example of Snoopy combined with centralized logging in ELK.