[plug] Monitor User Activity/Processes

[Tim White]

The answer is probably obvious but I thought I would ask any way.
I want to be able to monitor user activity, e.g. log an event when a 
user opens(start)/closes(end) a file/process. I currently have a small 
script outputting 'ps --user %u' to a log file each minute but I don't 
really want it like that. I would prefer to output something like below. 
(Like the 'sudo' log under auth.log except separate file for each user[1])
Tim
[1] A single file is fine if it has the user field like in auth.log

#/var/log/activity/tim
Oct  2 11:02:15 linmedia sudo:      tim : TTY=pts/2 ; PWD=/home/tim ; 
USER=tim ; COMMAND=/sbin/rmmod
Oct  2 11:03:01 linmedia sudo:      tim : TTY=pts/2 ; PWD=/home/tim ; 
USER=tim ; COMMAND=/usr/bin/vim /etc/modules.conf
Oct  2 11:08:08 linmedia sudo:      tim : TTY=pts/0 ; PWD=/var/log ; 
USER=tim ; COMMAND=/usr/bin/less kern.log
Oct  2 11:08:32 linmedia sudo:      tim : TTY=pts/0 ; PWD=/home/tim ; 
USER=tim ; COMMAND=/usr/sbin/alsaconf

#/var/log/activity/bob
Oct  2 11:02:15 linmedia sudo:      bob : TTY=pts/2 ; PWD=/tmp ; 
USER=bob ; COMMAND=/usr/bin/ls