trouble with syslog and sudo logs
John Hines
bigjohn_101 at hotmail.com
Wed Jan 23 13:58:35 EST 2002
Hi Todd,
I made the suggested changes and my sudo logs are no longer going to
/var/log/messages, but they are also not going to /var/log/sudo.log. This
is the current state of my syslog.conf:
# $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 phk Exp $
#
# Spaces are NOT valid field separators in this file.
# Consult the syslog.conf(5) manpage.
*.err;kern.debug;auth.notice;mail.crit /dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err;local2.none
/var/log/messages
security.* /var/log/security
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
cron.* /var/log/cron
*.err root
*.notice;news.err root
*.alert root
*.emerg *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
#*.* /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.* @loghost
# uncomment these if you're running inn
# news.crit /var/log/news/news.crit
# news.err /var/log/news/news.err
# news.notice /var/log/news/news.notice
!startslip
*.* /var/log/slip.log
!ppp
*.* /var/log/ppp.log
# This logs successful and failed sudo attempts to the file
/var/log/sudo.log
local2.debug /var/log/sudo.log
Thanks for the help,
John Hines
----- Original Message -----
From: Todd C. Miller <Todd.Miller at courtesan.com>
To: John Hines <bigjohn_101 at hotmail.com>
Cc: <sudo-users at sudo.ws>
Sent: Tuesday, January 22, 2002 9:49 PM
Subject: Re: trouble with syslog and sudo logs
> In message <OE16SN2uhoSQD5Y54Qt00012596 at hotmail.com>
> so spake "John Hines" (bigjohn_101):
>
> > # $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 phk Exp $
> > #
> > # Spaces are NOT valid field separators in this file.
> > # Consult the syslog.conf(5) manpage.
> > *.err;kern.debug;auth.notice;mail.crit /dev/console
> > *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
> > security.* /var/log/security
> > mail.info /var/log/maillog
> > lpr.info /var/log/lpd-errs
> > cron.* /var/log/cron
> > *.err root
> > *.notice;news.err root
> > *.alert root
> > *.emerg *
> > # uncomment this to log all writes to /dev/console to =
> > /var/log/console.log
> > #console.info /var/log/console.log
> > # uncomment this to enable logging of all log messages to =
> > /var/log/all.log
> > #*.* /var/log/all.log
> > # uncomment this to enable logging to a remote loghost named loghost
> > #*.* @loghost
> > # uncomment these if you're running inn
> > # news.crit /var/log/news/news.crit
> > # news.err /var/log/news/news.err
> > # news.notice =
> > /var/log/news/news.notice
> > !startslip
> > *.* /var/log/slip.log
> > !ppp
> > *.* /var/log/ppp.log
> > # This logs successful and failed sudo attempts to the file =
> > /var/log/sudo.log
> > local2.debug /var/log/sudo.log
>
> You need to add "local2.none" after the "news.err" in /var/log/messages
> line. That will keep sudo messages going to /var/log/messages.
>
> - todd
>
More information about the sudo-users
mailing list