Logging bash history to some file is very important for me, because I have few users on my system and some of them also has a root account. So I want to see what command user start from terminal. Here is how I do this. You should edit file /etc/bashrc or /etc/profile and on end of this file add next content:

whoami="$(whoami)@$(echo $SSH_CONNECTION | awk '{print $1}')"
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local3.debug "$whoami [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
source /etc/bashrc or source /etc/profile (depends which file we changed )

After this I should change permission to file /var/log/cmd.log so every user on system can write to this file. So do next:

[root@setenforce ~]# chmod 622 /var/log/cmd.log

Add this to the end of /etc/[r]syslog.conf file

local3.* /var/log/cmd.log

Restart [r]syslog service

[root@setenforce ~]# service [r]syslog restart

After this I have next in my /var/log/cmd.log:After this I have next in my /var/log/cmd.log:

Feb 27 06:13:12 setenforce jelena: jelena@ [22540]: sudo su - [0]

User jelena logged from IP address and run sudo su - command on Feb 27.