sudo log file
Hi all,
I have read in a book that the sudo utility logs all commands it executes. This log can be useful for retracing your steps if you make a mistake and for system auditing. What is the name of this log file? NB: I use Ubuntu 8.04.
/var/log/sudo.log
Quote:
sudo cat /var/log/sudo.log
cat: /var/log/sudo.log: No such file or directory
Try to examine your config file as root:
$ grep logfile /etc/sudoers
It may show a different log file location. I suppose you have run the sudo command recently? :)
Run a command under sudo, then
ls -lrt /var/log
and see what's just been updated (this lists files with most recently changed at the bottom).
Are you sure?
What's the output of sudo ls -lrt | tail -5?
Quote:
user@ubuntu:~$ sudo nautilus
[sudo] password for user:
Initializing nautilus-share extension
seahorse nautilus module initialized
Initializing nautilus-open-terminal extension
** (nautilus:9439): WARNING **: Unable to add monitor: Operation not supported
Shutting down nautilus-open-terminal extension
seahorse nautilus module shutdown
user@ubuntu:~$ sudo ls -lrt | tail -5
drwxr-xr-x 3 user user 4096 2008-10-08 11:44 rubyfiles
-rw-r--r-- 1 user user 15 2008-10-08 17:52 a.txt
-rw-r--r-- 1 user user 15 2008-10-08 17:53 b.txt
drwxr-xr-x 2 user user 4096 2008-10-10 15:34 Pictures
drwxr-xr-x 10 user user 4096 2008-10-11 11:48 Desktop
Sorry - missed a critical bit. Try
sudo ls -lrt /var/log | tail -5
instead (note using sudo to run the command should update the log, so no need to run a prior sudo)
Quote:
user@ubuntu:~$ sudo ls -lrt /var/log | tail -5
[sudo] password for user:
-rw-rw-r-- 1 root utmp 96000 2008-10-11 10:10 wtmp
-rw-r--r-- 1 root root 45069 2008-10-11 12:11 Xorg.0.log
-rw-r----- 1 syslog adm 771 2008-10-11 12:34 syslog
-rw-r----- 1 syslog adm 74946 2008-10-11 12:34 messages
-rw-r----- 1 syslog adm 14367 2008-10-11 12:37 auth.log
And does
sudo tail /var/log/auth.log
show anything useful?
Quote:
should be rather sudo cat /var/log/auth.log
Depends what you are trying to do. If you just want a list of sudo stuff, try
sudo grep sudo /var/log/auth.log
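Going one step past the grep, an added example (not part of the original thread) that turns the sudo lines in auth.log into a per-event summary and separates permitted runs from denials. The function names and sample lines are constructed for illustration, and it assumes the standard sudo syslog line layout.

```shell
#!/bin/sh
# Added example (not from the thread): summarise sudo events in auth.log.
# Assumes the classic sudo syslog layout:
#   <date> <host> sudo: <user> : [<denial reason> ; ]TTY=.. ; PWD=.. ; USER=.. ; COMMAND=..
# Output, tab-separated: STATUS  invoking-user  run-as-user  command

sudo_audit() {  # $1 = log file, "-" for stdin; default /var/log/auth.log
    awk '
    # PAM session lines written by sudo carry no COMMAND= and are skipped.
    /COMMAND=/ && match($0, / sudo(\[[0-9]+\])?: +/) {
        rest = substr($0, RSTART + RLENGTH)
        sep = index(rest, " : ")            # invoking user precedes the first " : "
        if (sep == 0) next
        who  = substr(rest, 1, sep - 1)
        body = substr(rest, sep + 3)
        # Everything after COMMAND= is the command, so a ";" inside it survives.
        cmd = substr(body, index(body, "COMMAND=") + 8)
        runas = "?"
        if (match(body, /USER=[^ ;]+/)) runas = substr(body, RSTART + 5, RLENGTH - 5)
        # A permitted run starts at TTY=; a denial has a reason in front of it.
        status = (body ~ /^TTY=/) ? "OK" : "DENIED"
        printf "%s\t%s\t%s\t%s\n", status, who, runas, cmd
    }' "${1:-/var/log/auth.log}"
}

sample_log() {  # constructed sample lines, not real log data
    cat <<'EOF'
Oct 11 12:37:01 ubuntu sudo:     user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/bin/ls -lrt /var/log
Oct 11 12:37:01 ubuntu sudo: pam_unix(sudo:session): session opened for user root by user(uid=0)
Oct 11 12:40:12 ubuntu sudo:     user : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/tail /var/log/auth.log
Oct 11 12:41:30 ubuntu sudo:    guest : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/guest ; USER=root ; COMMAND=/bin/sh -c id ; whoami
Oct 11 12:42:00 ubuntu sshd[812]: Accepted password for user from 192.0.2.10 port 50022 ssh2
EOF
}

sample_log | sudo_audit -
```

On a real system, run it as `sudo_audit /var/log/auth.log` from a shell that can read the file; the DENIED rows are the ones worth reviewing first.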
Logging in sudo
If you want to log everything done while using the sudo command, add the following to your sudoers file:
Defaults log_host, log_year
Defaults log_input, log_output, logfile="/var/log/sudo.log"
This will create both a /var/log/sudo.log file and a directory sudo-io. In that directory structure will be all of the commands run during a particular sudo session. Some of the files in that directory structure are gzip compressed, so you will need zcat to read them.