That's actually true. Once it happens on the client, but the extracted information is NOT conveyed to the server, thus it must do it again.

Bazsi

On Thu, Aug 6, 2020 at 3:56 PM Fabien Wernli <wernli@in2p3.fr> wrote:
Hi Bazsi!

On Thu, Aug 06, 2020 at 03:45:19PM +0200, Balazs Scheidler wrote:
> As you can see the ".sudo" top-level key is there, listing sudo related
> name-value pairs as extracted on the client. I also checked the debug/trace
> logs on the server and confirmed that only ewmm parsing was done,

Thanks for your thorough investigation!

Thus I understand that when using syslog (not -ng) destination, and
default-network-drivers, sudo parsing will happen twice.



--
Bazsi