> From email@example.com Mon Apr 24 16:25:49 1995
> Sender: firstname.lastname@example.org
> Date: Mon, 24 Apr 95 09:39:33 PDT
> From: email@example.com (Chris Doane)
> Reply-To: firstname.lastname@example.org (Chris Doane)
> Followup-To: junk
> To: email@example.com
> Subject: Sending logging to central syslog server
> Content-Length: 349
> We're in the process of setting up sudo, the shareware root
> password administration program. I'd like to utilize the
> ability to log activity to a central syslog server, but am
> unclear on just how this is setup with this program. Can
> someone point me to some sort of reference for how to do this?
> Chris Doane
Much thanks to:
Leslie Dreyer Kalra
Brian T. Wightman
R A Lichtensteiger
While everyone provided me with excellent help in setting up
syslog logging to a central host, R A Lichtensteiger helped
me to catch the point I was missing. That is, sudo compiles
using the "local2" facility, not "auth" - as I was presuming,
for alerting syslog. Once I recognized that, it was a cinch.
Thanks, again, to everyone. Following is the procedure I
----- Begin Included Message -----
Back at the ranch, Chris Doane scribed:
: We're in the process of setting up sudo, the shareware root
: password administration program. I'd like to utilize the
: ability to log activity to a central syslog server, but am
: unclear on just how this is setup with this program. Can
: someone point me to some sort of reference for how to do this?
>From the sudo.h file:
SYSLOG - if you want to use syslog instead of a log file
( This is a nice feature. You can
collect all you sudo logs at a
central host. The default is for
sudo to log at the local2 facility.)
>From the Makefile:
DEFINES = -DSYSLOG -DSEND_MAIL_WHEN_NO_USER -DSyslog_options=0 -DBSD
Then set your /etc/syslog.conf to forward all "local2.notice" (or better)
messages to your log host.
In the loghost have local2.notice write to a file.
Sudo logs "approved" uses at the notice priority and "unapproved" uses at
the alert priority.
-- R A Lichtensteiger firstname.lastname@example.org System Administrator Horizon Research Inc (617) 466-8304 Waltham MA 02154 http://www.hri.com/HRI/People/rali.html
I use Solaris because someone told me it was admirable to work with the handicapped ...
----- End Included Message -----
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:22 CDT