sudo and syslogd logging
eman at secure.tgape.org
Sun May 23 07:57:58 EDT 2004
On Fri, 7 May 2004, Martinez, Margie (ETSD) wrote:
> I've installed "sudo" using rpm on an AIX 5.2 machine. I'm having trouble
> getting it to log using syslogd. I can get it to log using the sudoers
> file, but prefer not to because the sudoers file is not secure and also I'd
> like to log to an alternate host.
> I've set up the syslog.conf file and it does pick up other things like when
> a user su's or running "refresh -s syslogd", but it does not pick up when
> someone issues a "sudo" command. I even got it to log into an alternate
> host file.
> It seems like syslogd does not acknowledge "sudo".
> In my syslog.conf file I entered:
> *.* /var/adm/sudolog
I don't think your log priority specification is correct for AIX's
syslogd. I think you need to use 'debug' instead (which should log
everything that's debug or higher, aka everything).
Typically, proprietary Unix systems don't understand the * for priority.
If you've installed a freeware or Open Source syslogd, this does not
apply. Also, given that you're actually telling it to log *everything*
to that file, you can tell if this is the correct answer by what is
making it into the file - if anything is being written by syslogd into
that file, then I'm wrong.
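
Added example, not part of the original message and not code from sudo or AIX: a small lint for syslog.conf that flags selectors using "*" as the priority and prints the "debug" form suggested in the reply. It assumes, as the reply does, that the syslogd in use accepts only named priorities; the sample lines and the host name "loghost" are constructed.

```shell
#!/bin/sh
# Flag syslog.conf selectors that use "*" as the priority.
# Assumption (from the reply above): this syslogd only accepts named
# priorities, so "facility.*" has to be written as "facility.debug".

# Reads syslog.conf text on stdin; prints one line per finding:
#   <line-number>: <original selector> -> <suggested selector>
lint_syslog_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            n = split($1, sel, ";")            # field 1 is the selector list
            for (i = 1; i <= n; i++) {
                dot = index(sel[i], ".")
                if (dot == 0) continue         # not in facility.priority form
                fac = substr(sel[i], 1, dot - 1)
                pri = substr(sel[i], dot + 1)
                if (pri == "*")
                    printf "%d: %s -> %s.debug\n", NR, sel[i], fac
            }
        }'
}

# Constructed sample input: the line from the question plus two others.
sample_conf() {
    cat <<'EOF'
# constructed sample syslog.conf
*.* /var/adm/sudolog
auth.notice /var/adm/authlog
mail.*;daemon.debug @loghost
EOF
}

sample_conf | lint_syslog_conf
```

To check a real file, run `lint_syslog_conf < /etc/syslog.conf`; no output means no wildcard priorities were found.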