auditctl

Ubuntu: Auditing sudo commands and forwarding audit logs using syslog

sudo provides users with temporary elevated privileges to perform operations.  No matter what your security philosophy, sudo is more than likely enabled on your system if even for a limited number of users. And if it is enabled, creating an audit log of exactly what was run (and who ran it) is essential to reporting.  Ubuntu: Auditing sudo commands and forwarding audit logs using syslog