[sudo-users] Changing sudo default syslog facility
Todd C. Miller
Todd.Miller at courtesan.com
Wed Feb 17 11:36:14 EST 2010
In message <3be30bc51002170811w1813e56eud98de011ed679c46 at mail.gmail.com>
so spake Chuck (chuck.carson):
> Is there a way to change the default syslog facility that sudo uses?
> (running version 1.6.9p16) From what I gathered it uses local2.notice...
Sure. A line like the following in sudoers:
Defaults syslog=local2, syslog_badpri=alert, syslog_goodpri=notice
correctsponds to the default values. Here are the relevant bits
from the sudoers man page:
syslog Syslog facility if syslog is being used for
logging (negate to disable syslog logging).
Defaults to local2.
syslog_badpri Syslog priority to use when user
authenticates unsuccessfully. Defaults to
alert.
syslog_goodpri Syslog priority to use when user
authenticates successfully. Defaults to
notice.
When logging via syslog(3), sudo accepts the following
values for the syslog facility (the value of the syslog
Parameter): authpriv (if your OS supports it), auth,
daemon, user, local0, local1, local2, local3, local4,
local5, local6, and local7. The following syslog
priorities are supported: alert, crit, debug, emerg, err,
info, notice, and warning.
- todd
More information about the sudo-users
mailing list