Return to Answer

On Debian-based operating systems, doing tail /var/log/auth.log | grep username should give you a user's sudo history. I don't believe there is a way to get a unified command history of a user's normal + sudo commands.

On RHEL-based operating systems, you would need to check /var/log/auth.log instead of /var/log/secure.

On Debian-based operating systems, doing tail /var/log/auth.log | grep username should give you a user's sudo history. I don't believe there is a way to get a unified command history of a user's normal + sudo commands.

On RHEL-based operating systems, you would need to check /var/log/secure instead of /var/log/auth.log.

Doing tail /var/log/auth.log | grep username should give you a user's sudo history. I don't believe there is a way to get a unified command history of a user's normal + sudo commands.

On some systems you may need to replace /var/log/auth.log with /var/log/secure

On Debian-based operating systems, doing tail /var/log/auth.log | grep username should give you a user's sudo history. I don't believe there is a way to get a unified command history of a user's normal + sudo commands.

On RHEL-based operating systems, you would need to check /var/log/auth.log instead of /var/log/secure.

Doing tail /var/log/auth.log | grep username should give you a user's sudo history. I don't believe there is a way to get a unified command history of a user's normal + sudo commands.

Doing tail /var/log/auth.log | grep username should give you a user's sudo history. I don't believe there is a way to get a unified command history of a user's normal + sudo commands.

On some systems you may need to replace /var/log/auth.log with /var/log/secure