[sudo-users] Sudo logs question.

Stanley, Jon Jon.Stanley at savvis.net
Mon Nov 27 16:06:52 EST 2006

sudo simply logs to syslog.  You can do anything with it that your
syslog daemon is capable of doing.  Most of them out there can't do
this.  However, if you use syslog-ng, you can do something like the
following (assuming that someuser is what you want to watch):

filter f_someuser	{ program(sudo) and match(someuser); };
filter f_sudo { program(sudo) and not (match(someuser)); };

Then use these filters in your log statements as appropiate.
>-----Original Message-----
>From: sudo-users-bounces at courtesan.com 
>[mailto:sudo-users-bounces at courtesan.com] On Behalf Of 
>Loris.Serena at pfpc.ie
>Sent: Monday, November 27, 2006 1:15 PM
>To: sudo-users at sudo.ws
>Subject: [sudo-users] Sudo logs question.
>I'd like to achieve the following:
>a. send the sudo logs for one specific user to one file;
>b. send the sudo logs for all other users to another file.
>Is this doable?
>If so, how do I go about this?
>Thanks in advance
>sudo-users mailing list <sudo-users at sudo.ws>
>For list information, options, or to unsubscribe, visit:

More information about the sudo-users mailing list