Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: sudo log and sudo auditing
Operating Systems AIX sudo log and sudo auditing Post 302477940 by frank_rizzo on Monday 6th of December 2010 07:31:09 PM
Old 12-06-2010
it depends on your sudoers configuration but the default is syslog. you may have to add a line to /etc/syslog.conf and refresh syslogd. check the sudo documentation for details.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

sudo log files

folks; I just did setup sudo on Solaris 10 through "sudoer" file. Now, i try to look at the log files to see any user activities under /var/log/syslog & all i see if someone try to run "sudo -u root tcsh" & got an error or was successful. But i don't see any activities, for example: if a user... (0 Replies)
Discussion started by: Katkota
0 Replies

2. UNIX for Dummies Questions & Answers

Unable to use the Sudo command. "0509-130 Symbol resolution failed for sudo because:"

Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks! When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error: exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Discussion started by: Chloe123
1 Replies

3. Cybersecurity

sudo /bin/sh or sudo su -

we are looking at changing the way we get root on our network. in our current system if an admin needs root access he just gets the root password and uses an su. some of our staff have decided that a sudo to "/bin/sh" will be easer. some of our staff think a sudo to "su -" will be better. I... (0 Replies)
Discussion started by: robsonde
0 Replies

4. Shell Programming and Scripting

ssh foo.com sudo command - Prompts for sudo password as visible text. Help?

I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this: #!/bin/bash rsync /path/on/local/machine/ foo.com:path/on/remote/machine/ ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies

5. UNIX for Advanced & Expert Users

Sudo log

Hello, Is it possible to configure the sudo log to register the logname instead of the username? I mean, if user A logs and su (switch user) to user B and then uses SUDO to execute commands, the log will register actions of user B. What I need is to register these actions as being executed... (1 Reply)
Discussion started by: crematoriumm
1 Replies

6. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi All, I running a unix command using sudo option inside shell script. Its working well. But in crontab the same command is not working and its throwing "sudo: sorry, you must have a tty to run sudo". I do not have root permission to add or change settings for my userid. I can not even ask... (9 Replies)
Discussion started by: Apple1221
9 Replies

7. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi, Have a need to run the below command as a "karuser" from a java class which will is running as "root" user. When we are trying to run the below command from java code getting the below error. Command: sudo -u karuser -s /bin/bash /bank/karunix/bin/build_cycles.sh Error: sudo: sorry,... (8 Replies)
Discussion started by: Satyak
8 Replies

8. UNIX for Dummies Questions & Answers

Sudo log

hi, i have installed sudo now want to create sudo log file to capture every sudo event like "if any user does sudo and then runs a command line, this all must be captured who did what" kindly assist plantform:- linux RHEL, soalris 10 (1 Reply)
Discussion started by: firozk679
1 Replies

9. Shell Programming and Scripting

Sudo or su keeps flooding my /var/log/messages

It is crazy when you just entered a command example sudo or su or even ps. It will flood your /var/log/messages. Please see duplicate entries except for the pid. At 1 specific time. Thanks $ cat b Jan 13 17:09:05 SERVER1 bash: user1 as root: Jan 13 17:09:05 SERVER1 bash: user1 as root: Jan... (3 Replies)
Discussion started by: invinzin21
3 Replies

LEARN ABOUT OSF1

syslog_evm.conf

syslog_evm.conf(4)					     Kernel Interfaces Manual						syslog_evm.conf(4)

NAME

       syslog_evm.conf - EVM syslog subscription configuration file

SYNOPSIS

       facility.priority

DESCRIPTION

       The  syslog_evm.conf file is a text file that specifies what syslog messages will be forwarded from the syslog daemon to the Event Manager,
       EVM,in the form of EVM events.  Those syslog messages are posted to the EVM daemon evmd by syslogd if the syslogd  forwarding  function	is
       turned on with the -e flag.  Events are posted with the EVM name of sys.unix.syslog.facility-name.

       This configuration file is read every time syslogd starts, or is restarted by a SIGHUP signal.  If the file does not exist, or if it exists
       but contains no subscription lines, no syslog messages will be posted to EVM.

       Each line in the file controls the forwarding of one syslog event.  Lines beginning with the # character are considered	comments  and  are
       ignored.  Only one subscription per line is permitted.  Mixing a subscription and a comment on the same line is not allowed.

       Each  line has the format facility.priority[+].	Specifies the part of the system that generated the message.  Legal values are the follow-
       ing: All messages.  Messages generated by the kernel.  Messages generated by user processes.  Messages generated by the mail system.   Mes-
       sages  generated  by  system  daemons.	Messages generated by the authorization system.  Messages generated internal to the syslog system.
       Messages generated by the line printer spooling system.	Messages generated by the system news command.	Messages generated by the UNIX	to
       UNIX  copy  system.   Messages  generated by the system clock daemon.  Messages generated by remote file systems.  Available for local use.
       Indicates the priority of the message.  If the priority is followed by a + character, events which are of the specified priority or  higher
       are forwarded; otherwise only events which exactly match the priority are forwarded.

	      The priority level must be one of the following: Forward messages of any priority.  Forward messages of emergency priority.  Forward
	      messages of alert priority.  Forward messages of critical priority.  Forward messages of error priority.	Forward messages of  warn-
	      ing priority.  Forward messages of notice priority.  Forward messages of information priority.  Forward messages of debug priority.

EXAMPLES

       This  example causes syslogd to forward events to EVM as follows: All messages of emergency priority are forwarded.  All messages generated
       in the kernel which have a priority of info or greater are forwarded.  All messages generated by users, by the mail  subsystem  or  by  the
       system daemons which have a priority of info or greater are forwarded.

       *.emerg kern.info+ user.notice+ mail.notice+ daemon.notice+

FILES

       Location  of the system logger configuration file.  Location of the EVM syslog subscription configuration file.	Location of the EVM logger
       configuration file.

SEE ALSO

       Commands: evmd(8), evmlogger(8), syslog(1), syslogd(8)

       Routines: syslog(3)

       Event Management: EVM(5)
       delim off

																syslog_evm.conf(4)
All times are GMT -4. The time now is 01:22 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy