HPE Community
Operating System - HP-UX
1833750 Members
3150 Online
110063 Solutions
New Discussion

Re: How to stop sudo's logging to syslog.log?

 
happywolf
Occasional Contributor

‎08-31-2001 08:10 AM

‎08-31-2001 08:10 AM

How to stop sudo's logging to syslog.log?

I've comment "syslog = auth " with visudo, and I did not add anything to syslog.conf. but sudo still log every exectuing to syslog.log
How to prevent it?
thanks all.
0 Kudos
Reply
7 REPLIES 7
Sridhar Bhaskarla
Honored Contributor

‎08-31-2001 08:23 AM

‎08-31-2001 08:23 AM

Re: How to stop sudo's logging to syslog.log?

Hi,

You need to comment out the facility in /etc/syslog.conf file with which you compiled your sudo. I think the default one is local2. Comment out local2 in your /etc/syslog.conf and restart syslogd.

You can change this behaviour while compiling the sudo executable by running the configure script with "--with-logging=file" instead syslog which is the default.

-Sri


You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
linuxfan
Honored Contributor

‎08-31-2001 08:51 AM

‎08-31-2001 08:51 AM

Re: How to stop sudo's logging to syslog.log?

Hi,

To enable logging to a different file,
add
local2.debug /var/adm/syslog/sudo.log
to your /etc/syslog.conf
and restart your syslogd
(/sbin/init.d/syslogd stop ; /sbin/init.d/syslogd start)

I can understand you don't want to log info to your syslog but do you want to avoid logging altogether in which case you can add
local2.debug /dev/null
and restart your syslogd, this would prevent logging any sudo executations.

Personally i would want to keep track of which user(s) are running what commands but its your preference

-HTH
Ramesh

They think they know but don't. At least I know I don't know - Socrates
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎08-31-2001 09:10 AM

‎08-31-2001 09:10 AM

Re: How to stop sudo's logging to syslog.log?

OK. The previous one doesn't work as we have
everything enabled except for mail.

Now you need to change *.info to the following

*.info;mail.none;local2.one /var/adm/syslog/syslog.log

Then send a signal 1 to syslog

kill -1 pid_of_syslog.

This will work.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎08-31-2001 09:14 AM

‎08-31-2001 09:14 AM

Re: How to stop sudo's logging to syslog.log?

Small correction

please replace local2.one with local2.none in
my previous message. Typo.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
linuxfan
Honored Contributor

‎08-31-2001 09:30 AM

‎08-31-2001 09:30 AM

Re: How to stop sudo's logging to syslog.log?

Hi Sri,

Are you saying
local2.debug /var/adm/syslog/sudo.log
or
local2.debug /dev/null

won't work?

Btw happywolf, you don't need to stop and start the syslogd (i don't know what i was thinking) you could just do a
kill -HUP `cat /var/run/syslog.pid`
to reread your syslog.conf file

-Ramesh
They think they know but don't. At least I know I don't know - Socrates
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎08-31-2001 09:34 AM

‎08-31-2001 09:34 AM

Re: How to stop sudo's logging to syslog.log?

Ramesh,

local2.debug /var/adm/syslog/sudo.log

works. But it will dump the messages in syslog.log as well.

His problem is to turn off the messages.

local2.debug /dev/null will not work as
we are already pumping the messages into syslog with *.info as the default with an exception to mail. (mail.none) which will go to mail.log.

So placing local2.none along with *.info is only going to fix his/her problem.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
linuxfan
Honored Contributor

‎08-31-2001 10:02 AM

‎08-31-2001 10:02 AM

Re: How to stop sudo's logging to syslog.log?

Hi,


Oops, i already had a local2.none for my *.info line, that's why i never saw those messages in syslog whenever i was using local2.debug or local2.info pointing to /dev/null or to another log file.

Today's just not my day i guess, I should just pack up and enjoy the long weekend. ;-)

well to answer your question happywolf,
if you want no logging at all

modify your syslog.conf
*.info;mail.none;local2.none /var/adm/syslog/syslog.log

if you want logging to another file, you still have to change the *.info and in addition add
local2.info /var/adm/syslog/sudo.log


-Cheers
Ramesh
They think they know but don't. At least I know I don't know - Socrates
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.