System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

how to log sudo activities in separate log file

 
SOLVED
Go to solution
Highlighted
Super Advisor

how to log sudo activities in separate log file

Hi

I am using Redhat, Suse and HP-UX.

There is some users are configured in sudo.

So i want to log all sudo activities in separate file.

Pls answer my following questions:

1) what is default log file where all sudo activities are stored in Redhat, suse and HP-UX

2) How to store sudo activities in separate log file in Redhat, Suse and HP-UX.

pls explain for each OS.
6 REPLIES 6
Highlighted
Honored Contributor

Re: how to log sudo activities in separate log file

1) Normally, sudo messages are sent to syslog.

2) Add a line like this to the defaults specification:

Defaults logfile=/var/log/sudo.log
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Highlighted
Super Advisor

Re: how to log sudo activities in separate log file

Hi

in which file we have to add this line.

pls tell me for Redhat, suse and HP-UX separately.

is sudo logs only will be stored in /var/log/sudo.log after adding this entry?

or

is all the logs of /var/log/messages" is transfered to "/var/log/sudo.log"
Highlighted
Honored Contributor

Re: how to log sudo activities in separate log file

sudo can log both successful and unsuccessful attempts (as well as errors) to syslog(3), a log file, or both. By default sudo will log via syslog(3) but this is changeable at configure time or via the sudoers file.
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Highlighted
Honored Contributor

Re: how to log sudo activities in separate log file

Refer to http://www.gratisoft.us/sudo/man/sudoers.html

and search for sudo.log
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Highlighted
Honored Contributor
Solution

Re: how to log sudo activities in separate log file

I would change the sudoers file with visudo to read this way:

Defaults logfile=/var/adm/sudo.log

The log file which we generally mention is
/var/log/sudo.local.log

Since /var/log does not exist, it get to the the default destination syslog.log
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Highlighted
Honored Contributor

Re: how to log sudo activities in separate log file

>>> in which file we have to add this line.

Just run as root the visudo command

>>> pls tell me for Redhat, suse and HP-UX separately.

Same for all

>>> is sudo logs only will be stored in /var/log/sudo.log after adding this entry?

Only sudo logs
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?