I am looking for a really good command logging tool to improve the auditing of my servers. I have previously used snoopy but this is currently a bit flaky and causing serious problems for me, it doesn't look like it's been maintained since 2004, it didn't even want to compile until I added -fPIC but it's causing segmentation faults and just ruins my test systems, eventually causing all or nearly all commands to segfault.

I've tried the process account tools but they log only the command basename, no args and no shell built-ins either (although even snoopy doesn't get that last one, but I could live without it if I had to). Shell history files are not security, they are just convenience, so they don't fit either (unless we find a way of capturing all shell history straight into syslog...)

So I'm looking for something else that I can deploy among my servers to fully audit any commands entered and log them via syslog.

Does anyone have any recommendations for a good thorough command logger, capturing args as well?

Check out 'rootsh' I'd say. It transparently wraps around shells and can dump to syslog NP. Depending on you requirements for cross-referencing it I'd combine it with either in-kernel logging facilities like GRSecurity or TOMOYO offer (or Auditd) plus make syslog dump to a separate syslog server.