[sudo-users] Changing sudo default syslog facility

Todd C. Miller Todd.Miller at courtesan.com
Wed Feb 17 11:36:14 EST 2010

In message <3be30bc51002170811w1813e56eud98de011ed679c46 at mail.gmail.com>
	so spake Chuck (chuck.carson):

> Is there a way to change the default syslog facility that sudo uses?
> (running version  1.6.9p16) From what I gathered it uses local2.notice...

Sure.  A line like the following in sudoers:

    Defaults syslog=local2, syslog_badpri=alert, syslog_goodpri=notice

correctsponds to the default values.  Here are the relevant bits
from the sudoers man page:

   syslog      Syslog facility if syslog is being used for
	       logging (negate to disable syslog logging).
	       Defaults to local2.

   syslog_badpri   Syslog priority to use when user
		   authenticates unsuccessfully.  Defaults to

   syslog_goodpri  Syslog priority to use when user
		   authenticates successfully.  Defaults to

   When logging via syslog(3), sudo accepts the following
   values for the syslog facility (the value of the syslog
   Parameter): authpriv (if your OS supports it), auth,
   daemon, user, local0, local1, local2, local3, local4,
   local5, local6, and local7.  The following syslog
   priorities are supported: alert, crit, debug, emerg, err,
   info, notice, and warning.

 - todd

More information about the sudo-users mailing list