I have an Ubuntu desktop server that is accessed by multiple people remotely. I need to locate a high-level log file that shows, at a minimum, the date/time, username, and system action. System action would be log on, log off, files opened by which app, shell commands executed, shell or console errors, script commands executed or errors, etc. Does this exist for Ubuntu? This is necessary for security but also for troubleshooting.
2 Answers
You can obtain some of the information you want, see man journalctl. Other information can be saved by configuring and enabling "Process Accounting" see (https://www.cyberciti.biz/faq/linux-unix-bsd-varaccountpacct-or-varlogaccountpacct-file/), but beware of producing BIG datafiles. man acct accton sa.
There is also the Audit Daemon (man auditd), which can be configured. Beware of producing BIG datafiles.
Your other requests, "... shell commands executed, shell or console errors, script commands executed or errors, etc" show a general misunderstanding of Linux.
You can send the system's logs to another, more secure system. See man rsyslogd rsyslog.conf.
One really big log file with ALL that data? That's there by default? Nope.
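As an added example (not part of either answer): once the Audit Daemon mentioned in the first answer records command execution, each command appears as several records that share an event id, and this sketch joins them into one "time, user, command" row. It assumes an execve rule with the hypothetical key `user_exec` and runs on constructed sample lines, not real log data.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample of /var/log/audit/audit.log lines (not real data). Assumes a rule
# such as: -a always,exit -F arch=b64 -S execve -F auid>=1000 -k user_exec
SAMPLE = '''\
type=SYSCALL msg=audit(1700000000.123:456): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2101 auid=1000 uid=1000 tty=pts0 ses=3 comm="ls" exe="/usr/bin/ls" key="user_exec"
type=EXECVE msg=audit(1700000000.123:456): argc=2 a0="ls" a1="-la"
type=SYSCALL msg=audit(1700000005.500:457): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2102 auid=1001 uid=0 tty=pts1 ses=4 comm="cat" exe="/usr/bin/cat" key="user_exec"
type=EXECVE msg=audit(1700000005.500:457): argc=2 a0="cat" a1=2F746D702F6D792066696C65
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """auditd quotes plain strings and hex-encodes ones with spaces or control bytes."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode('utf-8', 'replace')
    except ValueError:
        return value

def exec_events(log_text):
    """Join SYSCALL and EXECVE records that share an event id into one row each."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, epoch, event_id, body = m.groups()
        fields = dict(FIELD.findall(body))
        ev = events[event_id]
        ev['time'] = datetime.fromtimestamp(int(epoch), timezone.utc).isoformat()
        if rtype == 'SYSCALL':
            ev['auid'] = int(fields['auid'])  # login uid, unchanged by su/sudo
            ev['uid'] = int(fields['uid'])    # uid the process actually ran as
            ev['exe'] = decode(fields['exe'])
        elif rtype == 'EXECVE':
            argc = int(fields['argc'])
            ev['argv'] = [decode(fields.get(f'a{i}', '')) for i in range(argc)]
    # Keep only events where both halves were seen.
    return [ev for ev in events.values() if 'argv' in ev and 'auid' in ev]

if __name__ == '__main__':
    for ev in exec_events(SAMPLE):
        print(ev['time'], ev['auid'], ev['uid'], ev['exe'], ev['argv'])
```

The second sample event shows why `auid` is the field to report on: the command ran as uid 0, but the login uid still identifies the account that originally logged in.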