[sudo-users] succesful commands logged at alert level and syslog_*pri settings ignored

[Jasper Jongmans]

After updating FreeBSD, succesful sudo commands are logged to my active 
terminal. My syslogd is configured to send *.crit to my user and 
restarting it with -vv reveals the logs are at auth.alert, indicating 
syslogd is behaving as expected.

Setting syslog_goodpri to its default value of notice or even to none, 
still causes the logs to be auth.alert, while I expected them to 
respectively become auth.notice and to not be sent to syslog at all. 
Setting !syslog_goodpri does stop the logs from appearing in syslog, as 
expected. Changing syslog_badpri to for example err and failing 
authentication on purpose, also give logs at auth.alert instead of auth.err.

% cat /usr/local/etc/sudoers
# Defaults specification
Defaults env_keep += "EDITOR PAGER LESS CLICOLOR LSCOLORS"
Defaults env_keep += "PKG_PATH PKG_DBDIR PKG_TMPDIR TMPDIR PACKAGEROOT 
PACKAGESITE PKGDIR FTP_PASSIVE_MODE"
Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
Defaults syslog_badpri=err
Defaults syslog_goodpri=info
Defaults !tty_tickets, umask_override, timestamp_timeout=10
Defaults>root umask=0022

# User privilege specification
root    ALL = (ALL) ALL
aprogas ALL = (ALL) ALL

% sudo id  # wrong password on purpose
sudo: 3 incorrect password attempts
Dec 20 17:54:54 <auth.alert> enki sudo:  aprogas : 3 incorrect password 
attempts ; TTY=pts/8 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/id
# expected <auth.err>

% sudo id  # correct password
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
Dec 20 17:56:36 <auth.alert> enki sudo:  aprogas : TTY=pts/8 ; PWD=/ ; 
USER=root ; COMMAND=/usr/bin/id
# expected <auth.info>

% sudo -V
Sudo version 1.8.19
Sudoers policy plugin version 1.8.19
Sudoers file grammar version 45
Sudoers I/O plugin version 1.8.19

% uname -a
FreeBSD enki.aprogas.net 10.3-RELEASE-p11 FreeBSD 10.3-RELEASE-p11 #0: 
Mon Oct 24 18:49:24 UTC 2016 
root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64