[sudo-users] Clarification of maxseq and logging

Scott Birl ScottBirl at temple.edu
Thu Feb 22 12:00:18 MST 2018


Greetings:

My Google-Fu could not find the answer I wanted, so apologies if this has already been answered and I've missed it:

I need some clarification on the maxseq option (now available in my RHEL 7.4 environment).

Two different servers with two different (but similar) logging structures:
    server1 logs locally to /var/log/sudo-io
        Defaults iolog_dir=/var/log/sudo-io/

    server2 logs locally to /var/log/sudo-io/<user>
        Defaults iolog_dir=/var/log/sudo-io/%{user}


Underneath each has
    server1 /var/log/sudo-io/00/
            /var/log/sudo-io/00/[00-ZZ]/[00-ZZ]/<files>

    server2 /var/log/sudo-io/<user>
            /var/log/sudo-io/<user>/00/[00-ZZ]/[00-ZZ]/<files>


maxseq has now been set to 370 (AA) in my environment.
The man page says %{seq} expands so that every two numbers/characters make up the directory structure, with the given example 0100A5 becoming 01/00/A5.


Questions:

By setting maxseq to 370 on server1, can I assume (with a value of 0000AA) the first two directories will always be 00/00 and the third directory to range from 00 to AA?  (Effectively a total of 372 directories underneath /var/log/sudo-io).  I should not expect a structure of /var/log/sudo-io/[00-AA]/[00-AA]/[00-AA]/

By setting maxseq to 370 on server2, I should expect 00/00/[00-AA] per user, correct?



Thanks
S.A. Birl
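
The %{seq} expansion asked about above, as an added example that is not part of the original post and not sudo's own code: it converts a decimal sequence number to its six-digit base-36 form and splits it into two-character directories. Assumptions: iolog_file is left at %{seq}, the user name "alice" is constructed, and sequence numbers are taken to lie in 0..maxseq.

```python
import string

DIGITS = string.digits + string.ascii_uppercase  # base-36 alphabet: 0-9, then A-Z
WIDTH = 6                                        # %{seq} is six base-36 digits
LEAVES_PER_DIR = 36 ** 2                         # 00..ZZ under each second-level dir


def seq_to_id(seq: int) -> str:
    """Zero-padded six-digit base-36 form of a decimal sequence number."""
    if not 0 <= seq < 36 ** WIDTH:
        raise ValueError("sequence number does not fit in six base-36 digits")
    out = []
    for _ in range(WIDTH):
        seq, rem = divmod(seq, 36)
        out.append(DIGITS[rem])
    return "".join(reversed(out))


def seq_to_relpath(seq: int) -> str:
    """Split the id into two-character components, e.g. 0100A5 -> 01/00/A5."""
    sid = seq_to_id(seq)
    return "/".join(sid[i:i + 2] for i in range(0, WIDTH, 2))


def iolog_path(iolog_dir: str, seq: int, user: str = "") -> str:
    """Expand %{user} in iolog_dir (if present) and append the %{seq} path."""
    if "%{user}" in iolog_dir and not user:
        raise ValueError("iolog_dir contains %{user} but no user was given")
    base = iolog_dir.replace("%{user}", user).rstrip("/")
    return base + "/" + seq_to_relpath(seq)


def parent_dirs(maxseq: int) -> list:
    """First/second-level directory pairs reachable for sequences 0..maxseq."""
    # The last two digits roll over every 36**2 = 1296 sequence numbers.
    return [seq_to_relpath(p * LEAVES_PER_DIR)[:5]
            for p in range(maxseq // LEAVES_PER_DIR + 1)]


if __name__ == "__main__":
    # maxseq is given in decimal; 370 decimal is AA in base 36.
    print(seq_to_id(370), "->", seq_to_relpath(370))
    print(iolog_path("/var/log/sudo-io/", 370))                # server1 layout
    print(iolog_path("/var/log/sudo-io/%{user}", 370, "alice"))  # server2 layout
    print(parent_dirs(370), parent_dirs(1296))
```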

