You could also tail their shell histories, if their shells support that, but it has its drawbacks of course. And note that even if you do track "command line activity", it doesn't cover the whole thing - notably graphical user interfaces. Tracking open files (lsof) is one thing too, but might be pretty messy.
Another thing is then if you should be "watching" them. If your system is so badly secured that a regular user can break it in no time, you shouldn't be using it, and if your system could take it, you wouldn't need to sit there every second - at least if you trust your users, and you should, because I don't understand why you would allow somebody to have a user account who can't be trusted at all.
My point is, your system's security cannot and should not rely on "peek-watching". If it does, you've already lost half the game. Stores need real-time video surveillance, but just because they don't trust their customers, and because they're more or less forced to keep their goods at hand. In computer systems things can be arranged differently, and they should.