sudo log messages

Sun Dec 4 17:44:55 UTC 2011

Коньков Евгений <kes-kes at yandex.ru> writes:

> Здравствуйте, Polytropon.
>
> Вы писали 4 декабря 2011 г., 15:41:45:
>
> P> On Sun, 4 Dec 2011 05:34:19 +0200, Коньков Евгений wrote:
>>> Tell me please how to stop sudo to food /var/log/messages?
>
> P> ADDITION: Of course I meant /usr/local/etc/sutoers,
> P> NOT sudo.conf.
>
> P> Instead of logging via syslog (to /var/log/messages),
> P> why not use a specific log file for sudo? Add those
> P> lines to the sudoers file:
>
> P>         Defaults logfile=/var/log/sudo.log
> P>         Defaults !syslog
>
> P> Make sure /var/log/sudo.log exists, and maybe use
> P> newsyslog.conf to deal with log rotation and archiving.
> P> However, you can easily purge sudo log information
> P> this way, if required.
>
> P> The file /usr/local/share/doc/sudo/sample.sudoers
> P> contains an example.
>
> yes, that is not problem, but I want to control logging in one place
> not in each config file of service I have ran on machine.
>
> I have thought that this
> !sudo
> *.*                                             /var/log/sudo.log
> will take off logging in /var/log/messages but this work as
> log to /var/log/messages and to /var/log/sudo.log =((

You are not clear about what you really want.  If you want it to log to
auth.log instead of messages, then you can use the following in your
sudoers file:

   Defaults syslog=authpriv

The sample file that was mentioned earlier is one source for
information, but the best source is the sudoers(5) man page.  Just
search it for syslog and you will find several settings.

-- 
Carl Johnson		carlj at peak.org