[sudo-users] sudoreplay logs from syslog-server

Patrick Spinler spinler.patrick at mayo.edu
Wed Sep 7 10:18:59 EDT 2011

On 09/07/2011 07:07 AM, Todd C. Miller wrote:
> On Wed, 07 Sep 2011 10:14:08 +0200, Sebastian Ohliger wrote:
>> is it possible with sudoreplay to replay sessions logged to an
>> syslog-server?  We're using sudo with local logging on each server
>> and sometimes user starts an top or nmon and he forget his session...
>> Now we're implementing a new concept for user management, for
>> sudo I don't wan't to store logs local.
> The session logs are not plain text and so are not really suitable
> for syslog, which is why they are currently only logged locally.
> Remote logging of session would require a separate log daemon.
> The sourceforge project sslogger comes with a dameon, slogd that
> could probably be used if a sudo I/O logging plugin was written for
> it.


Logging sessions via  syslog would also be a desirable feature in our
setup.  We centralize our syslogs as a auditing feature, and this could
only help.

If I may make a suggestion, an option might be to encode sessions into a
printable ascii format, tag it with a session ID, and forward it to
syslog.  Then sudoreply could have the decoding built into it.

I'd be willing to help out here, if I could wriggle enough free tuits,
and if you thought the concept was acceptable, I'd not mind working on a
patch to submit.

-- Pat

More information about the sudo-users mailing list