A quick random Linux administration tip: add the following three lines to root's .bashrc:
1 2 3
[ ! -d $HOME/.history ] && mkdir $HOME/.history set -- `/usr/bin/who -m` HISTFILE="$HOME/.history/`/bin/date +%Y-%m-%d.%T`.`/bin/hostname -s`.$$.$1"
Once you do, future login sessions as root will be saved in a directory named .history in root's home directory, in the pattern:
Why would you want to do something like this? First, each shell/session is stored to it's own file, rather than interleaving into a single file in whatever order you might have exited them. Second, it tells you both when you started the session (by the filename) and when you ended it (by the timestamp on the file). Third, for systems administered by multiple people, it tells you who was su'd to root when the session occurred (or just displays root for console logins), so you know which admin "owned" that session.
The main downside here is that you lose the ability to see multiple sessions' worth of history in your history buffer, but for systems with multiple admins, I haven't missed it (as getting someone else's history when scrolling back has proven more annoying than helpful for me), but if you lean hard on your history, this might not be a net win for you.
Also, I'd suggest resisting the urge to treat this as an "audit log" of any kind; it's trivially bypassed, meaning that this is for teams that trust each other. Use it instead as a way of recreating the how and why of a change after (occasionally long after) it was made.