Hi,
I am running below SLES11 server. I want to setup audit records of all user activities based on history command output.
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 1
==========
I have added below entries in /etc/profile.local file:
LOGNAME1=who am i
DT=date '+%m.%d.%Y-%M.%S'
HISTSIZE=500
#HISTTIMEFORMAT="%a %b %Y %T %z "
HISTFILE=/audit/hist_${LOGNAME1}su${DT}
export HISTSIZE HISTFILE HISTTIMEFORMAT
==========
But when I log into the system using my ID and then later do a “sudo su” to become root, it does not capture history logs output in /audit directory as per above configuration. The permission on /audit directory is set to all permissions. The logs don’t get generated even if I select my home directory or /tmp to capture logs.
Please help!