3

Isolating sudo messages from syslog

view full story
linux-howto

http://www.debian-administration.org – sudo is an essential tool in an environment where there are multiple server and system administrators. By default sudo will log to syslog, and it is very straight-forward to isolate the logging to a local file which can be useful. (Distributions)

unic's picture
Submitted by unic on 03/12/2012 – Made popular on 03/12/2012

Stories similar to Isolating sudo messages from syslog

I'm writing some parsing logic for syslog-ng messages and am noticing that for many of the commands syslog-ng prepends a <[0-9]+> string to most of my messages.

Here is an example from me running sudo:

<85>Aug 2 09:42:09 sholsapp-ld sudo: sholsapp : TTY=pts/28 ; PWD=/home/sholsapp ; USER=root ; COMMAND=/bin/ls

What is the meaning/significance of the <85>?

When I'm trying to install MySQL 5.5 community edition on my Ubuntu 10.04 by compiling the source code, I met the following problem:

$ fg % 1 sudo ../bin/mysqld_safe --basedir=/usr/local/mysql_community_5.5/data --user=mysql --defaults-file=/etc/my.cnf

[sudo] password for linnan:

Sorry, try again.

I have some non-privileged "role accounts" that need the ability to view [some of] the local syslogs (eg. /var/log/messages) for debugging purposes.

This is explicitly local log data, not remote syslog, logstash, etc. Obviously, there's several ways to address this issue.

Syslog Better Logging Tutorial 3 years 2 weeks ago

Syslog Better Logging Tutorial Syslog is a powerful tool, but only if you can actually use it. This guide will go over the basics of syslog and provide you with a much more powerful default configuration.

We have selinux running in permissive mode on a RHEL 5.3 server. Disabling it is not an option, nor is installing a different syslog solution such as syslog-ng. I have setroubleshoot messages that keep polluting /var/log/messages.

we are working on project related to language translation with the help of moses tool...but we are not able to install moses...we face some installation problems. we make a directory on desktop named workingdir

Sir we install the initial packages:-

$sudo apt-get install build-essential $sudo apt-get install subversion $sudo apt-get install tcl-dev $sudo apt-get install tclx8.4-de

Syslog- Solaris 9 2 years 41 weeks ago

HI admins,

I am facing an issue with syslog on solaris9.

It runs for some time after /etc/init.d/syslog start and after some time, it stops the logging of messages..also ps -eaf | grep sys not showing the syslog processes.......... When i start syslog using /etc/init.d/syslog start, /var/adm/messages reports messages as follows: krtld: [ID 472681 kern.notice] WARNING: mod_load: cannot load modul

Hello there

I'm trying to devise a new sudoers configuration while building a new SOE and would like to force everyone (including system administrators) to use rootsh in favour of doing things like sudo -s, sudo bash, sudo tcsh and so forth. Effectively, use sudo to use any shell other than rootsh.

Is there a way to allow users to run anything they want except shells.

Mandriva: 2010:118: sudo 2 years 49 weeks ago

LinuxSecurity.com: A vulnerability has been discovered and corrected in sudo: The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users [More...]