[sudo-users] sudoreplay logs from syslog-server
Patrick Spinler
spinler.patrick at mayo.edu
Wed Sep 7 10:18:59 EDT 2011
On 09/07/2011 07:07 AM, Todd C. Miller wrote:
> On Wed, 07 Sep 2011 10:14:08 +0200, Sebastian Ohliger wrote:
>
>> Is it possible with sudoreplay to replay sessions logged to a
>> syslog-server? We're using sudo with local logging on each server
>> and sometimes a user starts top or nmon and forgets his session...
>> Now we're implementing a new concept for user management, for
>> sudo I don't want to store logs locally.
>
> The session logs are not plain text and so are not really suitable
> for syslog, which is why they are currently only logged locally.
> Remote logging of sessions would require a separate log daemon.
>
> The sourceforge project sslogger comes with a daemon, slogd, that
> could probably be used if a sudo I/O logging plugin was written for
> it.
>

Todd:

Logging sessions via syslog would also be a desirable feature in our
setup. We centralize our syslogs as an auditing feature, and this could
only help.

If I may make a suggestion, an option might be to encode sessions into a
printable ASCII format, tag it with a session ID, and forward it to
syslog. Then sudoreplay could have the decoding built into it.

I'd be willing to help out here, if I could wriggle enough free tuits,
and if you thought the concept was acceptable, I'd not mind working on a
patch to submit.

-- Pat
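
The scheme suggested in the message above (printable encoding, a session ID tag, decoding at replay time), sketched as an added example that is not part of the original post and is not sudo code. The `sudo-io` line layout, its field names and the chunk size are assumptions made for illustration.

```python
import base64
import re

# Assumption: 480 raw bytes per line (640 base64 chars) stays under the
# 1024-byte message limit of traditional (RFC 3164) syslog.
CHUNK = 480
# Hypothetical line layout; sudo defines no such format.
LINE_RE = re.compile(r"sudo-io sid=(\S+) seq=(\d+) last=([01]) data=([A-Za-z0-9+/=]*)$")

def encode_session(session_id, raw, chunk=CHUNK):
    """Split raw terminal bytes into printable lines tagged with session ID and sequence."""
    pieces = [raw[i:i + chunk] for i in range(0, len(raw), chunk)] or [b""]
    lines = []
    for seq, piece in enumerate(pieces):
        last = int(seq == len(pieces) - 1)
        data = base64.b64encode(piece).decode("ascii")
        lines.append(f"sudo-io sid={session_id} seq={seq} last={last} data={data}")
    return lines

def decode_sessions(lines):
    """Rebuild sessions from log lines in any order.

    Returns {session_id: (bytes, complete)}; complete is False when a chunk
    or the final marker is missing, which matters for an audit trail.
    """
    chunks, final = {}, {}
    for line in lines:
        m = LINE_RE.search(line)  # search() skips the syslog timestamp/host prefix
        if not m:
            continue  # unrelated log line
        sid, seq = m.group(1), int(m.group(2))
        chunks.setdefault(sid, {})[seq] = base64.b64decode(m.group(4))
        if m.group(3) == "1":
            final[sid] = seq
    sessions = {}
    for sid, parts in chunks.items():
        end = final.get(sid)
        complete = end is not None and set(parts) == set(range(end + 1))
        sessions[sid] = (b"".join(parts[s] for s in sorted(parts)), complete)
    return sessions

if __name__ == "__main__":
    # Constructed sample: a forgotten "top" repainting the screen.
    raw = b"\x1b[2J\x1b[Htop - 10:18:59 up 3 days\r\n" * 40
    log = ["Sep  7 10:18:59 web01 sudo: " + l for l in encode_session("A1B2C3", raw)]
    data, complete = decode_sessions(reversed(log))["A1B2C3"]
    print(len(log), "lines, complete:", complete, "match:", data == raw)
```

The `complete` flag is the part a central audit store needs: syslog over UDP can drop or reorder messages, so a replay tool has to report a gap rather than silently play a shortened session.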