I've been thinking of enabling process accounting on a production server as a proactive security measure to monitor what's being ran on the system.
Looking at the initial documentation it appears that enabling process accounting on a busy system might result in a significant amount of disk space being used to log and store the system process information.
Anyone know what are the best recommendations on enabling process monitoring? Also any considerations on the setup, especially since this is a production server.
Ideally, I'd just want to log any shell commands including PHP exec(), system(), passthru(). etc..
-Tony