trouble with syslog and sudo logs

John Hines bigjohn_101 at hotmail.com
Wed Jan 23 02:23:24 EST 2002 

Hi Matt,

  I do have a /var/log/sudo.log which I even chmod'd to 777.  For some
reason though all my sudo logs still go to /var/log/messages.  I'm convinced
it has something to do with my syslog.conf file.  I followed the spacing
format that the other entries use.

Thanks for the help,

John Hines


----- Original Message -----
From: Matthew Hannigan <mlh at zip.com.au>
To: John Hines <bigjohn_101 at hotmail.com>
Sent: Tuesday, January 22, 2002 7:37 PM
Subject: Re: trouble with syslog and sudo logs


>
> Does sudo.log exist?  Some (most?) syslogd's require
> that that file exists already.  Just touch it if not,
> and kill -1 <pid of syslog>
>
> That's the 2nd most irritating thing about syslog.
> (after the insistence of tabs and not spaces).
>
> Regards,
> -Matt
>
>
>
> > John Hines wrote:
> >
> > Hello,
> >
> >   I've recently installed sudo on a FreeBSD4.4 box and am unable to
> > log to /var/log/sudo.log .  All of my sudo logs are going to
> > /var/log/messages.  I believe my sudo messages are going to
> > /var/log/messages because the syslog priority of a successful login
> > attempt is "notice" which is set to log to /var/log/messages in my
> > syslog.conf.  However even unsuccessful login attempts are logged to
> > /var/log/messages.  I have inserted any pertinent information that I
> > could think of below.
> >
> > Output from sudo -V:
> >
> > Syslog facility if syslog is being used for logging: local2
> > Syslog priority to use when user authenticates successfully: notice
> > Syslog priority to use when user authenticates unsuccessfully: alert
> >
> > syslog.conf:
> >
> > # $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 phk Exp
> > $
> > #
> > #       Spaces are NOT valid field separators in this file.
> > #       Consult the syslog.conf(5) manpage.
> > *.err;kern.debug;auth.notice;mail.crit          /dev/console
> > *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
> > security.*                                      /var/log/security
> > mail.info                                       /var/log/maillog
> > lpr.info                                        /var/log/lpd-errs
> > cron.*                                          /var/log/cron
> > *.err                                           root
> > *.notice;news.err                               root
> > *.alert                                         root
> > *.emerg                                         *
> > # uncomment this to log all writes to /dev/console to
> > /var/log/console.log
> > #console.info                                   /var/log/console.log
> > # uncomment this to enable logging of all log messages to
> > /var/log/all.log
> > #*.*                                            /var/log/all.log
> > # uncomment this to enable logging to a remote loghost named loghost
> > #*.*                                            @loghost
> > # uncomment these if you're running inn
> > # news.crit
> > /var/log/news/news.crit
> > # news.err                                      /var/log/news/news.err
> > # news.notice
> > /var/log/news/news.notice
> > !startslip
> > *.*                                             /var/log/slip.log
> > !ppp
> > *.*                                             /var/log/ppp.log
> > # This logs successful and failed sudo attempts to the file
> > /var/log/sudo.log
> > local2.debug                                    /var/log/sudo.log
> >
> >
> > Thank You in advance,
> >
> > John Hines
>

More information about the sudo-users mailing list