1) Well it depends on whether you just want to know when they logged in, or see every command they type. For the second case, assuming they use the standard HP POSIX shell, you can look at each user's shell history ($HOME/.sh_history). If you need this in realtime, you'll need to run the tail -f command which shows you any changes every one second. If you need to monitor all the users, then you'll need lots of extra terminals and people to sit there and watch the commands.
2) As mentioned, lastb tells you all that. You have to write a script that checks for new additions to that list.
3) As with item #2, you have to write a script to monitor this command.
It sounds like you are concerned about security and/or users that have too many privileges on this system. For security, you might take a look at IDS (Intrusion Detection System to monitor things automatically. Get information at:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUX-HIDS For system stability due to poor user behavior, this is reallt a social problem and the easiest solutuion is to remove shell access for problem users and write a menu script instead. Certainly you never, ever give root access to developers and database administrators. For assistant administrators, use SAM's restricted use feature and also get a copy of sudo to provide limited command capability.
Bill Hassell, sysadmin
