I am running below SLES11 server. I want to setup audit records of all user activities based on history command output.
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 1
who am i
#HISTTIMEFORMAT="%a %b %Y %T %z "
export HISTSIZE HISTFILE HISTTIMEFORMAT
But when I log into the system using my ID and then later do a “sudo su” to become root, it does not capture history logs output in /audit directory as per above configuration. The permission on /audit directory is set to all permissions. The logs don’t get generated even if I select my home directory or /tmp to capture logs.