I have a Debian server and I am the administrator for the server. The server hasn't been working correctly and I would like to see what commands were executed by the last 3-4 users who logged in (separated by each login session, since the same user logged in more than once). Is there any way I can accomplish this? I am the root user.
I found a decent article that explains various auditing tools, including the one you want, lastcomm. It's part of the acct package, so do:
    sudo apt-get install acct
The output is very detailed, so you may want to filter on which commands were run:
    $ lastcomm --command wajig apt-get
    wajig tshepang pts/7 0.00 secs Tue Oct 8 22:56
    wajig tshepang pts/7 0.00 secs Tue Oct 8 22:56
    apt-get S root pts/7 0.52 secs Tue Oct 8 22:56
    apt-get F root pts/7 0.00 secs Tue Oct 8 22:56
    wajig tshepang pts/7 0.00 secs Tue Oct 8 22:47
    apt-get S root pts/7 0.45 secs Tue Oct 8 22:47
    apt-get F root pts/7 0.00 secs Tue Oct 8 22:47
Further info, e.g. the meaning of the fields, can be found in that article.
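The question asks for commands separated per login session, while lastcomm prints one flat list. The following Python is an added example, not part of the original answer: it parses lines in the column layout shown above and groups them by user and terminal. The function names and the sample lines are constructed for illustration, and it assumes a user/terminal pair is a usable approximation of one session.

```python
from collections import OrderedDict

# Constructed sample in the column layout shown above (not real accounting data).
SAMPLE = """\
wajig tshepang pts/7 0.00 secs Tue Oct 8 22:56
apt-get S root pts/7 0.52 secs Tue Oct 8 22:56
apt-get F root pts/7 0.00 secs Tue Oct 8 22:56
vim alice pts/2 0.10 secs Tue Oct 8 22:50
wajig tshepang pts/7 0.00 secs Tue Oct 8 22:47
"""

def parse_line(line):
    """Parse one lastcomm line; return None if it does not match the layout."""
    tok = line.split()
    if "secs" not in tok:
        return None
    i = len(tok) - 1 - tok[::-1].index("secs")  # position of the last "secs"
    if i < 4:  # need at least: command user tty cpu-time
        return None
    try:
        cpu = float(tok[i - 1])
    except ValueError:
        return None
    head = tok[:i - 3]  # command, then the optional flags column (S, F, D, X)
    return {"command": head[0], "flags": head[1] if len(head) > 1 else "",
            "user": tok[i - 3], "tty": tok[i - 2], "cpu_secs": cpu,
            "when": " ".join(tok[i + 1:])}

def group_by_session(text):
    """Group records by (user, tty), oldest command first within each group."""
    groups = OrderedDict()
    # lastcomm lists the newest record first, so walk the lines in reverse.
    for line in reversed(text.splitlines()):
        rec = parse_line(line)
        if rec:
            groups.setdefault((rec["user"], rec["tty"]), []).append(rec)
    return groups

if __name__ == "__main__":
    for (user, tty), recs in group_by_session(SAMPLE).items():
        print(f"== {user} on {tty} ==")
        for r in recs:
            print(f"  {r['when']}  {r['command']:<10} {r['flags']}")
```

On the server, pass the text of the real `lastcomm` output to `group_by_session` and compare each group's timestamps with the login and logout times reported by `last`, since the same terminal can be reused by a later login.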