LinuxQuestions.org
Old 10-11-2008, 12:34 AM   #1
sulekha
Member
 
Registered: Dec 2004
Location: India
Distribution: ubuntu 10.04 , centos 5.5 , Debian lenny, Freenas
Posts: 324

Rep: Reputation: 36
Question sudo log file


Hi all,

I have read in a book that the sudo utility logs all commands it executes. This log can be useful for retracing your steps if you make a mistake and for system auditing. What is the name of this log file?

NB: I use Ubuntu 8.04

Last edited by sulekha; 10-11-2008 at 12:54 AM.
 
Old 10-11-2008, 12:46 AM   #2
Vit77
Member
 
Registered: Jun 2008
Location: Toronto, Canada
Distribution: Mandriva, RHEL
Posts: 122

Rep: Reputation: 16
/var/log/sudo.log
 
Old 10-11-2008, 12:51 AM   #3
sulekha
Original Poster

Quote:
Originally Posted by Vit77
/var/log/sudo.log

I tried as follows

sudo cat /var/log/sudo.log
cat: /var/log/sudo.log: No such file or directory
 
Old 10-11-2008, 01:03 AM   #4
Vit77
Try to examine your config file as root:
$ grep logfile /etc/sudoers
It may show a different log file location.

I suppose you have run a sudo command recently?
 
Old 10-11-2008, 01:12 AM   #5
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 120
Run a command under sudo, then

ls -lrt /var/log

and see what's just been updated (this lists files with most recently changed at the bottom).
 
Old 10-11-2008, 01:20 AM   #6
sulekha
Original Poster

Quote:
Originally Posted by billymayday
Run a command under sudo, then

ls -lrt /var/log

and see what's just been updated (this lists files with most recently changed at the bottom).

But still it is not giving me the history/log file for the sudo commands I have given.

Last edited by sulekha; 10-11-2008 at 01:23 AM.
 
Old 10-11-2008, 01:28 AM   #7
billymayday
Are you sure?

What's the output of

sudo ls -lrt | tail -5

?
 
Old 10-11-2008, 01:37 AM   #8
sulekha
Original Poster

Quote:
Originally Posted by billymayday
Are you sure?

What's the output of

sudo ls -lrt | tail -5

?

This is what I have tried:

user@ubuntu:~$ sudo nautilus
[sudo] password for user:
Initializing nautilus-share extension
seahorse nautilus module initialized
Initializing nautilus-open-terminal extension

** (nautilus:9439): WARNING **: Unable to add monitor: Operation not supported
Shutting down nautilus-open-terminal extension
seahorse nautilus module shutdown


user@ubuntu:~$ sudo ls -lrt | tail -5
drwxr-xr-x 3 user user 4096 2008-10-08 11:44 rubyfiles
-rw-r--r-- 1 user user 15 2008-10-08 17:52 a.txt
-rw-r--r-- 1 user user 15 2008-10-08 17:53 b.txt
drwxr-xr-x 2 user user 4096 2008-10-10 15:34 Pictures
drwxr-xr-x 10 user user 4096 2008-10-11 11:48 Desktop
 
Old 10-11-2008, 01:56 AM   #9
billymayday
Sorry - missed a critical bit. Try

sudo ls -lrt /var/log | tail -5

instead (note using sudo to run the command should update the log, so no need to run a prior sudo)
 
Old 10-11-2008, 02:08 AM   #10
sulekha
Original Poster

Quote:
Originally Posted by billymayday
Sorry - missed a critical bit. Try

sudo ls -lrt /var/log | tail -5

instead (note using sudo to run the command should update the log, so no need to run a prior sudo)

I tried this:

user@ubuntu:~$ sudo ls -lrt /var/log | tail -5
[sudo] password for user:
-rw-rw-r-- 1 root utmp 96000 2008-10-11 10:10 wtmp
-rw-r--r-- 1 root root 45069 2008-10-11 12:11 Xorg.0.log
-rw-r----- 1 syslog adm 771 2008-10-11 12:34 syslog
-rw-r----- 1 syslog adm 74946 2008-10-11 12:34 messages
-rw-r----- 1 syslog adm 14367 2008-10-11 12:37 auth.log
 
Old 10-11-2008, 02:14 AM   #11
billymayday
And does

sudo tail /var/log/auth.log

show anything useful?
 
Old 10-11-2008, 02:27 AM   #12
sulekha
Original Poster

Quote:
Originally Posted by billymayday
And does

sudo tail /var/log/auth.log

show anything useful?

It definitely does, but then sudo tail /var/log/auth.log
should rather be sudo cat /var/log/auth.log
 
Old 10-11-2008, 02:46 AM   #13
billymayday
Depends what you are trying to do. If you just want a list of sudo stuff, try

sudo grep sudo /var/log/auth.log
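
As an added example (not part of any post in this thread), the shell functions below build on the grep over /var/log/auth.log: they keep only sudo's command records, which drops the pam_unix session lines a plain grep for "sudo" also matches, and they mark attempts that sudo refused or that failed authentication. The function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): list sudo command records from
# auth.log-style syslog lines. Sample lines below are constructed.

sample_auth_log() {
cat <<'EOF'
Oct 11 12:34:01 ubuntu sudo:     user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/nautilus
Oct 11 12:34:01 ubuntu sudo: pam_unix(sudo:session): session opened for user root by user(uid=0)
Oct 11 12:36:40 ubuntu sudo:     user : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/apt-get update
Oct 11 12:37:12 ubuntu sudo:     user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/bin/ls -lrt /var/log
Oct 11 12:38:05 ubuntu sudo:    guest : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/guest ; USER=root ; COMMAND=/usr/bin/apt-get update
Oct 11 12:39:00 ubuntu sshd[812]: Accepted password for user from 192.0.2.10 port 50022 ssh2
EOF
}

# Print one tab-separated record per sudo invocation:
#   time <TAB> invoking user <TAB> run-as user <TAB> status <TAB> command
# Reads the files given as arguments, or stdin when none are given.
sudo_commands() {
    awk '
    # Field 5 is the syslog tag; accept "sudo:" and "sudo[PID]:".
    $5 ~ /^sudo(\[[0-9]+\])?:$/ && / ; COMMAND=/ {
        # Split at the first COMMAND= so text inside the command
        # cannot be mistaken for a status or USER= field.
        cut = index($0, " ; COMMAND=")
        head = substr($0, 1, cut - 1)
        cmd = substr($0, cut + 11)
        runas = head
        sub(/.* ; USER=/, "", runas); sub(/ ;.*/, "", runas)
        status = "ok"
        if (head ~ /incorrect password attempt/) status = "badpass"
        else if (head ~ /NOT in sudoers|command not allowed/) status = "denied"
        printf "%s %s %s\t%s\t%s\t%s\t%s\n", $1, $2, $3, $6, runas, status, cmd
    }' "$@"
}

# Only the invocations sudo refused or that failed authentication.
sudo_failures() {
    sudo_commands "$@" | awk -F '\t' '$4 != "ok"'
}

# Demo on the constructed sample. On a real host: sudo_commands /var/log/auth.log
sample_auth_log | sudo_commands
```

On Ubuntu, auth.log is readable only by root and the adm group, so on a real system the functions need to run with that access.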
 
  

