I want to monitor the Mac server behaviours by listing which file or command or application on which time is opened / executed by whom. For example, another admin executed a bash command "sudo rm -fr /etc" at 10:00am, or another user opened an modified a file, or someone launched Disk Utility application.
Is there a easy way to do this?
BSM auditing is designed for this. See the audit(8) man page, this blog post from Rich Trouton, and the Audit Explorer app.