- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Reduce the logging level of Sudo
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-17-2010 03:08 AM
08-17-2010 03:08 AM
Reduce the logging level of Sudo
Please does any one know how to reduce the logging level of sudo. It presently logs entries almost thrice in the syslog.log file.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-17-2010 03:44 AM
08-17-2010 03:44 AM
Re: Reduce the logging level of Sudo
UNIX95=1 ps -fC syslogd
Also check for duplicate lines in /etc/syslog.conf
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2010 01:39 AM
09-16-2010 01:39 AM
Re: Reduce the logging level of Sudo
esmadu07 K05000 The SYSLOG is growing at a rate greater than 60000 bytes per min
Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2010 01:45 AM
09-16-2010 01:45 AM
Re: Reduce the logging level of Sudo
Can you provide what's in syslog.log that's growing so fast?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2010 02:03 AM
09-16-2010 02:03 AM
Re: Reduce the logging level of Sudo
/caf/bin ; USER=root ; COMMAND=/bin/su.original D052CGC -c sh -c "SHLIB_PATH=/op
t/CA/SharedComponents/lib:/usr/lib:/opt/CA/CAlib:/opt/CA/SharedComponents/lib:/o
pt/CA/SharedComponents/lib:/opt/CA/UnicenterDSM/caf/lib:/opt/CA/SharedComponents
/lib;export SHLIB_PATH;/opt/CA/UnicenterDSM/caf/bin/cfURI"
Sep 16 10:13:18 esmadu07 above message repeats 2 times
Sep 16 10:13:18 esmadu07 sudo: root : TTY=unknown ; PWD=/opt/CA/UnicenterDSM
/caf/bin ; USER=root ; COMMAND=/bin/su.original B049LNU -c sh -c "SHLIB_PATH=/op
t/CA/SharedComponents/lib:/usr/lib:/opt/CA/CAlib:/opt/CA/SharedComponents/lib:/o
pt/CA/SharedComponents/lib:/opt/CA/UnicenterDSM/caf/lib:/opt/CA/SharedComponents
/lib;export SHLIB_PATH;/opt/CA/UnicenterDSM/caf/bin/cfURI"
Sep 16 10:13:18 esmadu07 su: + tty?? root-D052CGC
Sep 16 10:13:18 esmadu07 above message repeats 2 times
Sep 16 10:13:18 esmadu07 su: + tty?? root-B049LNU
Sep 16 10:13:18 esmadu07 sudo: root : TTY=unknown ; PWD=/opt/CA/UnicenterDSM
/caf/bin ; USER=root ; COMMAND=/bin/su.original M967VEC -c sh -c "SHLIB_PATH=/op
t/CA/SharedComponents/lib:/usr/lib:/opt/CA/CAlib:/opt/CA/SharedComponents/lib:/o
pt/CA/SharedComponents/lib:/opt/CA/UnicenterDSM/caf/lib:/opt/CA/SharedComponents
/lib;export SHLIB_PATH;/opt/CA/UnicenterDSM/caf/bin/cfURI"
Sep 16 10:13:19 esmadu07 above message repeats 4 times
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2010 03:39 AM
09-16-2010 03:39 AM
Re: Reduce the logging level of Sudo
I think every application log is directed to your syslog file , please look in to you syslog.conf under /etc .what all lines in syslog.conf apart from these :
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2010 04:35 AM
09-16-2010 04:35 AM
Re: Reduce the logging level of Sudo
Here is my syslog.conf:
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
lpr,local2.debug /tmp/PdLog2
user.info /opt/CA/UnicenterDSM/logs/dsmEventLog.log
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2010 05:10 AM
09-16-2010 05:10 AM
Re: Reduce the logging level of Sudo
Can you put an extra entry in your sudoer file , /usr/local/etc/sudoers:
logfile
http://www.gratisoft.us/sudo/sudoers.man.html
hope this helps.
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2010 05:41 AM
09-16-2010 05:41 AM
Re: Reduce the logging level of Sudo
The command will not work in the sudoers file.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2010 09:24 AM
09-16-2010 09:24 AM
Re: Reduce the logging level of Sudo
mail.debug /var/adm/syslog/mail.log
*.info;mail.none;lpr.none;local2.none;user.none /var/adm/syslog/syslog.log
lpr,local2.debug /tmp/PdLog2
user.info /opt/CA/UnicenterDSM/logs/dsmEventLog.log
Two very important rules about syslog.conf:
1. Each line is processed with any regard to a previous line. You can log things to 10 different files if you want. But the line for syslog.log must exclude what you want to be logged somewhere else. Otherwise, you get double logging.
2. syslog.conf must NEVER have any spaces. If a space appears ANYWHERE on a line, it is silently ignored, ie, becomes a comment. All spacing is by tab characters. Use cat -vt to list syslog.conf. It will look like this:
# local5 (ftpd) logged only to /var/adm/syslog/local5.log
# kern (kernel messages) logged only to /var/adm/syslog/kern.log
# daemon (daemon messages) logged only to /var/adm/syslog/daemon.log
# auth (authentication messages) logged only to /var/adm/syslog/auth.log
# lpr (lp messages) logged only to /var/adm/syslog/lp.log
*.info;mail.none;local0.none;local5.none;auth.none;user.none;lpr.none;daemon.notice;kern.notice;^I/var/adm/syslog/syslog.log
mail.debug^I/var/adm/syslog/mail.log
local5.info^I/var/adm/syslog/ftpd.log
auth.info^I/var/adm/syslog/auth.log
daemon.info^I/var/adm/syslog/daemon.log
kern.info^I/var/adm/syslog/kern.log
lpr.info^I/var/adm/syslog/lpr.log
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2010 09:28 AM
09-16-2010 09:28 AM
Re: Reduce the logging level of Sudo
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2010 09:32 AM
09-16-2010 09:32 AM
Re: Reduce the logging level of Sudo
Defaults logfile=/var/adm/syslog/sudo.log
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2010 10:06 PM
09-16-2010 10:06 PM
Re: Reduce the logging level of Sudo
It looks like cfURI is being run over and over.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-17-2010 12:58 AM
09-17-2010 12:58 AM
Re: Reduce the logging level of Sudo
What I want to achieve is to reduce the amount of logs.
When I edit the sudoers file with
logfile=/var/adm/syslog/sudo.log
It logs the logs in both sudo.log and syslog.log. When I editted the /etc/syslog.conf with
*.info;mail.none;lpr.none;local2.none;user.none /var/adm/syslog/syslog.log
It stop the logs to syslog.log and only write to sudo.log. I want some level of logs in syslog.log.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-28-2010 06:46 AM
09-28-2010 06:46 AM
Re: Reduce the logging level of Sudo
Is it possible for me to make an entry for sudo logs on /etc/syslog.conf
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-28-2010 07:10 PM
09-28-2010 07:10 PM
Re: Reduce the logging level of Sudo
According to the sudo man pages, there appear to be no controls for logging levels.
@ofure: Is it possible for me to make an entry for sudo logs on /etc/syslog.conf
No. As mentioned above, you eliminate syslog.log messages by adding this line:
Defaults logfile=/var/adm/syslog/sudo.log
to the sudoers file (using visudo).
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-30-2010 02:13 AM
09-30-2010 02:13 AM
Re: Reduce the logging level of Sudo
What I finally did was to add the following lines into the sudoers file:
Defaults logfile=/var/adm/sudo.log
Defaults !syslog
I created a house keeping script to reduce the sudo.log everyday. This stop the multiple logs going into syslog.log.
Regards.