Getting logging in sudo to work


According to various documents, sudo should automatically log every command run through it once the following line is added to the /etc/syslog.conf file:

  local2.debug /var/log/sudo.log

Except it didn't work for me, at least not on a Red Hat 7.3 box. The /var/log/sudo.log file was created, but no data was ever written to it. So, instead, I found that adding this to the /etc/sudoers file worked:

  Defaults logfile=/var/log/sudolog

The log file in this example has a slightly different name, although you could call it anything you want.
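The syslog.conf line only catches sudo's messages when sudo logs to the local2 facility, which the sudoers `syslog` option controls. The sketch below is an added example, not part of the original note: it reads both files and reports where sudo's log lines end up. The function names, the sample syslog.conf, the `build_facility` argument (sudo's compiled-in default facility) and the `notice` priority are assumptions.

```python
import re
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def sudo_log_settings(sudoers, build_facility):
    """(syslog facility or None, logfile or None) from global Defaults lines."""
    facility, logfile = build_facility, None
    for line in sudoers.splitlines():
        m = re.match(r"\s*Defaults\s+(.*)", line)
        for item in (m.group(1).split(",") if m else []):
            name, _, value = (s.strip().strip('"') for s in item.partition("="))
            if name == "syslog":
                facility = value or build_facility
            elif name == "!syslog":          # syslog logging switched off
                facility = None
            elif name == "logfile":
                logfile = value
    return facility, logfile

def syslog_targets(syslog_conf, facility, level="notice"):
    """Files that receive a message of this facility and level (assumed: notice)."""
    targets = []
    for line in syslog_conf.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        hit = False
        for selector in parts[0].split(";"):
            facs, _, prio = selector.partition(".")
            if facs != "*" and facility not in facs.split(","):
                continue
            if prio == "none":               # explicit exclusion overrides a match
                hit = False
            elif prio == "*" or (prio in LEVELS
                                 and LEVELS.index(prio) <= LEVELS.index(level)):
                hit = True
        if hit:
            targets.append(parts[1].lstrip("-"))
    return targets

def where_sudo_logs(sudoers, syslog_conf, build_facility):
    facility, logfile = sudo_log_settings(sudoers, build_facility)
    files = syslog_targets(syslog_conf, facility) if facility else []
    return {"facility": facility, "syslog_files": files, "logfile": logfile}

# Constructed sample syslog.conf, not taken from the system described above.
SYSLOG_CONF = """\
*.info;mail.none;authpriv.none    /var/log/messages
authpriv.*                        /var/log/secure
local2.debug                      /var/log/sudo.log
"""
```

Calling `where_sudo_logs(open("/etc/sudoers").read(), open("/etc/syslog.conf").read(), "authpriv")` as root checks a real pair of files; the third argument has to match how the installed sudo was built.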

12/22/2003