Create a custom sudo log file

Sudo allows system administrators to allow users run command as root user. The commands that run with sudo needs to be logged in for security and compliance reasons.

Security — Sudo logs can provide a trail of activity. Any unauthorised access or suspicious behaviour can be logged and the system admins can get to know with the help of sudo logs.

Compliance — Sudo logs are required for regulatory requirements for an organisation. HIPPA, PCI, DSS provide system activity trail.

Accountability — It documents the actions when administrator perform, system admin tasks.

We can create a custom sudo logs file in /etc/sudoers

/etc/sudoers is a configuration file used by the sudo command in Linux and Unix-based operating systems. It contains the rules that determine which users or groups are allowed to run specific commands.

Default /etc/sudoers file →

We can create a custom log file here -> /var/log

Example /var/log/sudo.log

Create a file - touch /var/log/sudo.log

Edit the file sudo vi /etc/sudoers

Add Defaults logfile=”/var/log/sudo.log” (As shown below)

Restart rsyslog -> sudo systemctl restart rsyslog

We can start seeing sudo logs in the custom log file

Feel free to ask any doubts in comments. I tried on debian. It might work for rest flavours too. 🍻🍺