I received this alert. Actually fwded by my colleague as he is not supposed to receive this alert. He asked me to check.
Date: 11.04.2014 04:33
Subject: *** SECURITY information for server1 ***
server1 : Apr 11 10:33:19 : test : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/test ; USER=root ; COMMAND=/bin/su -
Checked on /etc/syslog.conf and crontab - there were no settings. Could you guys please assist where else should I check? I need to disable this.