trouble with syslog and sudo logs

John Hines bigjohn_101 at hotmail.com
Wed Jan 23 00:11:51 EST 2002 

Hello,

  I've recently installed sudo on a FreeBSD4.4 box and am unable to log to /var/log/sudo.log .  All of my sudo logs are going to /var/log/messages.  I believe my sudo messages are going to /var/log/messages because the syslog priority of a successful login attempt is "notice" which is set to log to /var/log/messages in my syslog.conf.  However even unsuccessful login attempts are logged to /var/log/messages.  I have inserted any pertinent information that I could think of below.  

Output from sudo -V:

Syslog facility if syslog is being used for logging: local2
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert

syslog.conf:

# $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 phk Exp $
#
#       Spaces are NOT valid field separators in this file.
#       Consult the syslog.conf(5) manpage.
*.err;kern.debug;auth.notice;mail.crit          /dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.*                                      /var/log/security
mail.info                                       /var/log/maillog
lpr.info                                        /var/log/lpd-errs
cron.*                                          /var/log/cron
*.err                                           root
*.notice;news.err                               root
*.alert                                         root
*.emerg                                         *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info                                   /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
#*.*                                            /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.*                                            @loghost
# uncomment these if you're running inn
# news.crit                                     /var/log/news/news.crit
# news.err                                      /var/log/news/news.err
# news.notice                                   /var/log/news/news.notice
!startslip
*.*                                             /var/log/slip.log
!ppp
*.*                                             /var/log/ppp.log
# This logs successful and failed sudo attempts to the file /var/log/sudo.log
local2.debug                                    /var/log/sudo.log


Thank You in advance,

John Hines
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/sudo-users/attachments/20020122/422df79f/attachment.html>

More information about the sudo-users mailing list