Auditd logging all commands

I’m trying to achieve logging all commands, by following the instructions of this site. Auditd logging all commands · WHMCR

I’ve installed auditd package from squeeze repository. And performed the following command:

$ sudo auditctl -a exit,alway -F arch=b64 -S all Error sending add rule request (Operation not supported)

Unfortunately I’m getting an error.

Can someone help me how I can add support for this operation?

Hi, any success since march ? We would like to do something similar here.

FYI there’s a typo “alway” not sure if that was just in the post…

sudo auditctl -a exit,always -F arch=b64 -S all
Error sending add rule request (Operation not supported)

Same result.

This is an old post but I’m currently having the same need for PCI purposes to log all commands entered through the CLI to the syslog (in particular to a remote server). Has this been implemented in any new release since the last post on this topic or are there any other updates that someone can provide?

Thanks

Try to type “history”

Thanks, but that will just show the commands entered. What is needed for PCI is to be able to log all commands into the remote syslog server including a timestamp and the user that entered the command to be able to trace back any changes made.
I can’t find a good combination of facility and logging level in the in the logging section of the router that will achieve this