[sudo-users] sudo_logsrvd configuration

Stefan Johnson tigerphoenixdragon at gmail.com
Mon Jul 19 14:18:52 MDT 2021


I've been working on trying to get the new sudo_logsrvd configuration to
work the last few days, and nothing I try actually works.  With TLS
enabled, it says there is no peer certificate in an "openssl s_client" test.

With TLS disabled, I don't see any TLS errors, but when I run a command
that should log input/output, I don't see any logs generated on the server.

The log path may be part of my issue with TLS, but I can't find any error
messages to indicate what the problem might be.

My /etc/sudo_logsrvd.conf file contains a server, iolog, eventlog, and
logfile section.  I didn't configure any relay information, because I
wasn't looking to do any relaying.  The non-TLS version just has a
listen_address directive using the default values.

[server]
listen_address = *:30343
[iolog]
iolog_dir = /var/log/sudo_replay_logs
iolog_file = /%Y/%m/%d/%H%M/%{hostname}/%s_u_%{user}_g_%{group}_ru_%{runas_user}_rg_%{runas_group}_c_%{command}_XXXXXX
iolog_group = redacted
iolog_mode = 0640
[eventlog]
log_type = logfile
log_format = json
[logfile]
path = /var/log/sudo.json
time_format = "%h %d %T"

I'm sure I'm doing something stupid here, but I'm so wrapped up in this at
the moment that I can't see the forest for the trees.  Can someone please
try to point me in a direction that will either get me some logs that help
indicate what I'm doing wrong, or point out what I'm doing wrong if it's
obvious to you all?

Thanks!
Stefan

