Thanks a lotSo, may I ask, is this problem solvable by auditd or do I need other tools ?this makes it possible to record one or two users, not all users.2. use pam_tty_audit.sothis does record every command typed any tty. However, it generates lots of noise. Sometimes, the execv syscall is so frequently called that the system can't afford to log every call of it and it crashes !!!1. audit execv syscall,HII know this seems an old topic. But unfortunately, I can't find a solution for this. I have googled long time. I tried following options:
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit