Operating System - HP-UX
1748181 Members
3436 Online
108759 Solutions
New Discussion юеВ

Reduce the logging level of Sudo

 
ozas
Advisor

Reduce the logging level of Sudo

Hi,
Please does any one know how to reduce the logging level of sudo. It presently logs entries almost thrice in the syslog.log file.

Thanks.
16 REPLIES 16
Bill Hassell
Honored Contributor

Re: Reduce the logging level of Sudo

Are you saying that the same log entry is written 2 or 3 times? That is not normal. Check how many copies of syslogd are running:

UNIX95=1 ps -fC syslogd

Also check for duplicate lines in /etc/syslog.conf


Bill Hassell, sysadmin
ozas
Advisor

Re: Reduce the logging level of Sudo

This is the error alart I receive from the server:

esmadu07 K05000 The SYSLOG is growing at a rate greater than 60000 bytes per min

Regards.
Dennis Handly
Acclaimed Contributor

Re: Reduce the logging level of Sudo

>The SYSLOG is growing at a rate greater than 60000 bytes per min

Can you provide what's in syslog.log that's growing so fast?
ozas
Advisor

Re: Reduce the logging level of Sudo

Sep 16 10:13:18 esmadu07 sudo: root : TTY=unknown ; PWD=/opt/CA/UnicenterDSM
/caf/bin ; USER=root ; COMMAND=/bin/su.original D052CGC -c sh -c "SHLIB_PATH=/op
t/CA/SharedComponents/lib:/usr/lib:/opt/CA/CAlib:/opt/CA/SharedComponents/lib:/o
pt/CA/SharedComponents/lib:/opt/CA/UnicenterDSM/caf/lib:/opt/CA/SharedComponents
/lib;export SHLIB_PATH;/opt/CA/UnicenterDSM/caf/bin/cfURI"
Sep 16 10:13:18 esmadu07 above message repeats 2 times
Sep 16 10:13:18 esmadu07 sudo: root : TTY=unknown ; PWD=/opt/CA/UnicenterDSM
/caf/bin ; USER=root ; COMMAND=/bin/su.original B049LNU -c sh -c "SHLIB_PATH=/op
t/CA/SharedComponents/lib:/usr/lib:/opt/CA/CAlib:/opt/CA/SharedComponents/lib:/o
pt/CA/SharedComponents/lib:/opt/CA/UnicenterDSM/caf/lib:/opt/CA/SharedComponents
/lib;export SHLIB_PATH;/opt/CA/UnicenterDSM/caf/bin/cfURI"
Sep 16 10:13:18 esmadu07 su: + tty?? root-D052CGC
Sep 16 10:13:18 esmadu07 above message repeats 2 times
Sep 16 10:13:18 esmadu07 su: + tty?? root-B049LNU
Sep 16 10:13:18 esmadu07 sudo: root : TTY=unknown ; PWD=/opt/CA/UnicenterDSM
/caf/bin ; USER=root ; COMMAND=/bin/su.original M967VEC -c sh -c "SHLIB_PATH=/op
t/CA/SharedComponents/lib:/usr/lib:/opt/CA/CAlib:/opt/CA/SharedComponents/lib:/o
pt/CA/SharedComponents/lib:/opt/CA/UnicenterDSM/caf/lib:/opt/CA/SharedComponents
/lib;export SHLIB_PATH;/opt/CA/UnicenterDSM/caf/bin/cfURI"
Sep 16 10:13:19 esmadu07 above message repeats 4 times
DeafFrog
Valued Contributor

Re: Reduce the logging level of Sudo

Hi Ozas ,

I think every application log is directed to your syslog file , please look in to you syslog.conf under /etc .what all lines in syslog.conf apart from these :
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *


Regards,
FrogIsDeaf
ozas
Advisor

Re: Reduce the logging level of Sudo

Hi,
Here is my syslog.conf:

# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *

lpr,local2.debug /tmp/PdLog2

user.info /opt/CA/UnicenterDSM/logs/dsmEventLog.log
DeafFrog
Valued Contributor

Re: Reduce the logging level of Sudo

Hi Ozas (again),

Can you put an extra entry in your sudoer file , /usr/local/etc/sudoers:

logfile

http://www.gratisoft.us/sudo/sudoers.man.html

hope this helps.

Regards,

FrogIsDeaf
ozas
Advisor

Re: Reduce the logging level of Sudo

Hi DF,
The command will not work in the sudoers file.
Bill Hassell
Honored Contributor

Re: Reduce the logging level of Sudo

Your syslog.conf file is not correct. You have two additional log files declared but you are also logging everything (except mail) to syslog. When you want another logfile, you must exclude that facility from syslog:

mail.debug /var/adm/syslog/mail.log
*.info;mail.none;lpr.none;local2.none;user.none /var/adm/syslog/syslog.log

lpr,local2.debug /tmp/PdLog2

user.info /opt/CA/UnicenterDSM/logs/dsmEventLog.log

Two very important rules about syslog.conf:

1. Each line is processed with any regard to a previous line. You can log things to 10 different files if you want. But the line for syslog.log must exclude what you want to be logged somewhere else. Otherwise, you get double logging.

2. syslog.conf must NEVER have any spaces. If a space appears ANYWHERE on a line, it is silently ignored, ie, becomes a comment. All spacing is by tab characters. Use cat -vt to list syslog.conf. It will look like this:


# local5 (ftpd) logged only to /var/adm/syslog/local5.log
# kern (kernel messages) logged only to /var/adm/syslog/kern.log
# daemon (daemon messages) logged only to /var/adm/syslog/daemon.log
# auth (authentication messages) logged only to /var/adm/syslog/auth.log
# lpr (lp messages) logged only to /var/adm/syslog/lp.log


*.info;mail.none;local0.none;local5.none;auth.none;user.none;lpr.none;daemon.notice;kern.notice;^I/var/adm/syslog/syslog.log


mail.debug^I/var/adm/syslog/mail.log
local5.info^I/var/adm/syslog/ftpd.log
auth.info^I/var/adm/syslog/auth.log
daemon.info^I/var/adm/syslog/daemon.log
kern.info^I/var/adm/syslog/kern.log
lpr.info^I/var/adm/syslog/lpr.log


Bill Hassell, sysadmin