trouble with syslog and sudo logs
John Hines
bigjohn_101 at hotmail.com
Wed Jan 23 02:23:24 EST 2002
Hi Matt,
I do have a /var/log/sudo.log which I even chmod'd to 777. For some
reason though all my sudo logs still go to /var/log/messages. I'm convinced
it has something to do with my syslog.conf file. I followed the spacing
format that the other entries use.
Thanks for the help,
John Hines
----- Original Message -----
From: Matthew Hannigan <mlh at zip.com.au>
To: John Hines <bigjohn_101 at hotmail.com>
Sent: Tuesday, January 22, 2002 7:37 PM
Subject: Re: trouble with syslog and sudo logs
>
> Does sudo.log exist? Some (most?) syslogd's require
> that that file exists already. Just touch it if not,
> and kill -1 <pid of syslog>
>
> That's the 2nd most irritating thing about syslog.
> (after the insistence of tabs and not spaces).
>
> Regards,
> -Matt
>
>
>
> > John Hines wrote:
> >
> > Hello,
> >
> > I've recently installed sudo on a FreeBSD 4.4 box and am unable to
> > log to /var/log/sudo.log. All of my sudo logs are going to
> > /var/log/messages. I believe my sudo messages are going to
> > /var/log/messages because the syslog priority of a successful login
> > attempt is "notice" which is set to log to /var/log/messages in my
> > syslog.conf. However, even unsuccessful login attempts are logged to
> > /var/log/messages. I have inserted any pertinent information that I
> > could think of below.
> >
> > Output from sudo -V:
> >
> > Syslog facility if syslog is being used for logging: local2
> > Syslog priority to use when user authenticates successfully: notice
> > Syslog priority to use when user authenticates unsuccessfully: alert
> >
> > syslog.conf:
> >
> > # $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 phk Exp $
> > #
> > # Spaces are NOT valid field separators in this file.
> > # Consult the syslog.conf(5) manpage.
> > *.err;kern.debug;auth.notice;mail.crit /dev/console
> > *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
> > security.* /var/log/security
> > mail.info /var/log/maillog
> > lpr.info /var/log/lpd-errs
> > cron.* /var/log/cron
> > *.err root
> > *.notice;news.err root
> > *.alert root
> > *.emerg *
> > # uncomment this to log all writes to /dev/console to /var/log/console.log
> > #console.info /var/log/console.log
> > # uncomment this to enable logging of all log messages to /var/log/all.log
> > #*.* /var/log/all.log
> > # uncomment this to enable logging to a remote loghost named loghost
> > #*.* @loghost
> > # uncomment these if you're running inn
> > # news.crit /var/log/news/news.crit
> > # news.err /var/log/news/news.err
> > # news.notice /var/log/news/news.notice
> > !startslip
> > *.* /var/log/slip.log
> > !ppp
> > *.* /var/log/ppp.log
> > # This logs successful and failed sudo attempts to the file /var/log/sudo.log
> > local2.debug /var/log/sudo.log
> >
> >
> > Thank You in advance,
> >
> > John Hines
>
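
An added example, not part of the original thread and not code from sudo or FreeBSD: a small linter for three syslog.conf pitfalls that apply to a config like the one quoted above. Two are the ones Matt names (target file missing, spaces instead of tabs); the third is a rule placed below a `!program` line, which FreeBSD's syslog.conf(5) scopes to that program until a `!*` line resets it. The sample config is constructed, and `lint` and its `facility` and `exists` parameters are hypothetical names.

```python
import os
import re

# Constructed sample in the shape of the config quoted above (tab-separated).
SAMPLE = (
    "*.notice;kern.debug\t/var/log/messages\n"
    "cron.* /var/log/cron\n"             # space instead of tab
    "!ppp\n"
    "*.*\t/var/log/ppp.log\n"
    "# sudo logging\n"
    "local2.debug\t/var/log/sudo.log\n"  # still inside the !ppp block
)

def lint(text, facility="local2", exists=os.path.exists):
    """Return (line_no, message) findings for a FreeBSD-style syslog.conf."""
    findings = []
    program = None                       # current !program scope; None = all
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        m = re.match(r"#?!\s*(\S+)", line)
        if m:                            # program specification; "!*" resets
            program = None if m.group(1) == "*" else m.group(1)
            continue
        if not line or line.startswith(("#", "+", "-")):
            continue                     # blank, comment, or hostname spec
        parts = re.split(r"\t+", line, maxsplit=1)
        if len(parts) < 2:               # no tab: see if spaces were used
            parts = line.split(None, 1)
            if len(parts) < 2:
                findings.append((no, "no action field"))
                continue
            findings.append((no, "spaces used as field separator, tab required"))
        selector, action = parts[0], parts[1].strip()
        if action.startswith("/") and not exists(action):
            findings.append((no, f"{action} missing: create it, then SIGHUP syslogd"))
        # Facilities named by the selector, e.g. "lpr,mail.info;news.err".
        facs = {f for s in selector.split(";") for f in s.split(".")[0].split(",")}
        if program and facility in facs:
            findings.append((no, f"{facility} rule only matches program '{program}'"))
    return findings

if __name__ == "__main__":
    # Pretend only sudo.log is absent so the run does not depend on this host.
    for finding in lint(SAMPLE, exists=lambda p: p != "/var/log/sudo.log"):
        print(finding)
```

Run against a real file with `lint(open("/etc/syslog.conf").read())`; the default `exists` then checks the local filesystem.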