-
tracking of users
Hi,
I run a bunch of Red Hat servers that are pretty tightly secured (osiris, snort+base, behind 2 different firewalls, 2 factor auth VPN access, etc.), yet for support purposes I have to allow remote access to the soft editor through a jump box and then use sudo for any commands.
With osiris I'm able to see the file changed etc., which is excellent but not enough.
With sudo I can track any of the commands issued.
My issue is that the application is text menu driven, and I don't get to see the options chosen... those never make it to my log server. Which makes my traceability quite difficult.
I've thought of setting up a key logger but I wanted to check if there were any other options before moving to such a radical move.
-
A lot of server programs keep log files... Apache, SSL, Squid, etc. I'm not familiar with how VPN works, so I apologize for my inability to give a good answer. I personally view logs for all my servers using Webmin. Maybe it can help?