3

Isolating sudo messages from syslog

view full story
linux-howto

http://www.debian-administration.org – sudo is an essential tool in an environment where there are multiple server and system administrators. By default sudo will log to syslog, and it is very straight-forward to isolate the logging to a local file which can be useful. (Distributions)

unic's picture
Submitted by unic on 03/12/2012 – Made popular on 03/12/2012

Stories similar to Isolating sudo messages from syslog

I'm writing some parsing logic for syslog-ng messages and am noticing that for many of the commands syslog-ng prepends a <[0-9]+> string to most of my messages.

Here is an example from me running sudo:

<85>Aug 2 09:42:09 sholsapp-ld sudo: sholsapp : TTY=pts/28 ; PWD=/home/sholsapp ; USER=root ; COMMAND=/bin/ls

What is the meaning/significance of the <85>?

When I'm trying to install MySQL 5.5 community edition on my Ubuntu 10.04 by compiling the source code, I met the following problem:

$ fg % 1 sudo ../bin/mysqld_safe --basedir=/usr/local/mysql_community_5.5/data --user=mysql --defaults-file=/etc/my.cnf

[sudo] password for linnan:

Sorry, try again.

I have some non-privileged "role accounts" that need the ability to view [some of] the local syslogs (eg. /var/log/messages) for debugging purposes.

This is explicitly local log data, not remote syslog, logstash, etc. Obviously, there's several ways to address this issue.

Syslog Better Logging Tutorial 3 years 2 weeks ago

Syslog Better Logging Tutorial Syslog is a powerful tool, but only if you can actually use it. This guide will go over the basics of syslog and provide you with a much more powerful default configuration.

We have selinux running in permissive mode on a RHEL 5.3 server. Disabling it is not an option, nor is installing a different syslog solution such as syslog-ng. I have setroubleshoot messages that keep polluting /var/log/messages.

we are working on project related to language translation with the help of moses tool...but we are not able to install moses...we face some installation problems. we make a directory on desktop named workingdir

Sir we install the initial packages:-

$sudo apt-get install build-essential $sudo apt-get install subversion $sudo apt-get install tcl-dev $sudo apt-get install tclx8.4-de

Syslog- Solaris 9 2 years 40 weeks ago

HI admins,

I am facing an issue with syslog on solaris9.

It runs for some time after /etc/init.d/syslog start and after some time, it stops the logging of messages..also ps -eaf | grep sys not showing the syslog processes.......... When i start syslog using /etc/init.d/syslog start, /var/adm/messages reports messages as follows: krtld: [ID 472681 kern.notice] WARNING: mod_load: cannot load modul

Hello there

I'm trying to devise a new sudoers configuration while building a new SOE and would like to force everyone (including system administrators) to use rootsh in favour of doing things like sudo -s, sudo bash, sudo tcsh and so forth. Effectively, use sudo to use any shell other than rootsh.

Is there a way to allow users to run anything they want except shells.

Hello all,

I manage some HP-UX 11.31 servers. I have some users that have sudo access. All of them belong to the 'sudoers' user group.