Making sudo logs go to syslog in Linux

Tamish Verma

The Syslog protocol was initially written by Eric Allman.

Syslog can help with centralized management, security monitoring, compliance, and efficiency, making it good practice for many organizations.

Syslog also helps companies meet compliance requirements, since those requirements mandate the collection and retention of logs.

Below are the commands that change the rsyslog configuration so that sudo logs are sent to syslog.

Currently no sudo logs are present in syslog ->

We will be doing our changes in /etc/rsyslog.d ->

  1. Create a file sudo.conf

  2. Open the file -> vi sudo.conf

  3. Add the code snippet ->
    if $programname == 'sudo' then /var/log/syslog & stop

  4. Restart rsyslog -> sudo systemctl restart rsyslog

  5. Now run -> grep sudo /var/log/syslog

You might need to run all the above commands as root.

Now when we run this command ->
grep sudo /var/log/syslog

The output now shows the sudo entries inside /var/log/syslog.
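To automate the steps above and check the result, here is an added shell script; it is my own example, not code from the post. It assumes Debian's default /etc/rsyslog.conf, where sudo's authpriv messages go to /var/log/auth.log but are excluded from /var/log/syslog, and where /etc/rsyslog.d/*.conf is included before the main rules; because of that ordering the rule is written without 'stop', so the entries stay in auth.log as well. The file name sudo_syslog.sh and the sample log lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the post: automate the steps above and check the
# result. Assumes Debian's default rsyslog.conf (see lead-in).
set -eu
RULE_FILE=/etc/rsyslog.d/sudo.conf   # the drop-in file from the post

# The rule in rsyslog's block syntax. No 'stop' on purpose: the message then
# continues to the default rules, so /var/log/auth.log keeps its sudo entries.
sudo_rsyslog_rule() {
    cat <<'EOF'
# Copy sudo messages into /var/log/syslog in addition to auth.log
if $programname == 'sudo' then {
    action(type="omfile" file="/var/log/syslog")
}
EOF
}

# Write the rule, validate the whole configuration, then restart (as root).
install_sudo_rule() {
    sudo_rsyslog_rule > "$RULE_FILE"
    rsyslogd -N1                 # syntax check; failure aborts via set -e
    systemctl restart rsyslog
}

# Print sudo entries from a log file; the tag is 'sudo:' or 'sudo[PID]:'.
sudo_entries() { grep -E ' sudo(\[[0-9]+\])?: ' "$1" || true; }

# Count sudo entries (0 in the 'before' state shown above).
count_sudo_entries() { sudo_entries "$1" | wc -l | tr -d ' '; }

# Distinct users who invoked sudo, from the 'user : TTY=...' field.
sudo_users() {
    sudo_entries "$1" | sed -nE 's/.* sudo(\[[0-9]+\])?: +([^ ]+) : .*/\2/p' | sort -u
}

# Constructed sample lines (not real output) to exercise the checks.
write_sample_log() {
    printf '%s\n' \
      'Mar  3 10:15:07 debian sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls /root' \
      'Mar  3 10:15:07 debian sudo: pam_unix(sudo:session): session opened for user root(uid=0) by alice(uid=1000)' \
      'Mar  3 10:16:30 debian sudo[2210]:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt update' \
      'Mar  3 10:17:00 debian systemd[1]: Started sudo-less.service.' > "$1"
}

# sh sudo_syslog.sh install (as root); run a sudo command; then
# sh sudo_syslog.sh check /var/log/syslog
case "${1:-}" in
    install) install_sudo_rule ;;
    check)   count_sudo_entries "${2:-/var/log/syslog}" ;;
esac
```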

I tried this on Debian. You may well try it on other Linux flavors. 🍻🍺


Written by

Tamish Verma

I am a DevOps engineer. I am a newbie, learning and letting the world know about my experiments and findings.