====== Log user commands ======

Set PROMPT_COMMAND to log every command to syslog
<cli prompt='#'>
PROMPT_COMMAND='history -a >(logger -t "[$USER] $SSH_CONNECTION")'
</cli>

/etc/rsyslog.conf
<code>
# Log every command executed by a user to a separate file
local6.* /var/log/commands.log
</code>

<cli prompt='$'>
$ tail -f /var/log/commands.log
Mar 28 14:23:56 ip-3-168-15-118 shell[9346]: docker ps
Mar 28 14:23:58 ip-3-168-15-118 shell[9346]: docker ps -a
Mar 28 14:26:01 ip-3-168-15-118 shell[9346]: cat /etc/rsyslog.conf
Mar 28 14:27:02 ip-3-168-15-118 shell[9346]: tail -f /var/log/commands.log
Mar 28 14:27:05 ip-3-168-15-118 shell[9346]: ls -lsh
Mar 28 14:27:07 ip-3-168-15-118 shell[9346]: pwd
</cli>