[syslog-ng] Sudo logging
Nate Campi
nate@campin.net
Tue, 8 Jan 2002 19:40:09 -0800
On Tue, Jan 08, 2002 at 12:52:13PM -0800, Chuck Kelly wrote:
> I can't seem to get sudo logs logging properly.
>
> Would like each host to log to sudo.log instead of local2.
>
> /var/log/syslog-ng/$HOST/sudo.log
>
> Anyone have any examples of how they did it?
It's possible by using the $PROGRAM macro in your
See http://www.balabit.hu/static/syslog-ng/reference/x324.html#AEN512
You don't really want to trust the input of log messages when creating
files in your filesystem, though. Plus that will log *all* your logs by
program.
If you just want the sudo stuff you can apply a regexp to log messages
as they come in like:
destination sudo_log { file("/var/log/syslog-ng/$HOST/sudo.log" create_dirs(yes)); };
# this should match sudo in the tag field
filter f_sudo { match("sudo:"); };
# filter() must reference the filter by the name defined above (f_sudo)
log { source(src); filter(f_sudo); destination(sudo_log); };
This should work as is.
--
Nate Campi http://www.campin.net GnuPG key: 0xC17AEF79
"ASCII stupid question, get a stupid ANSI !"
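
Added example, not part of the original post and not syslog-ng code: a Python sketch of the two points in the reply above. It compares a regexp that finds "sudo:" anywhere in a line with a test on the parsed program tag, and it checks a message-supplied value before using it as a path component. The sample lines, the allow-list pattern and all function names are assumptions made for this illustration.

```python
import re
from pathlib import PurePosixPath

BASE = PurePosixPath("/var/log/syslog-ng")  # base directory used in the post
# Allow-list for one path component (an assumption of this example).
SAFE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")
# BSD syslog layout: "<PRI>Mmm dd hh:mm:ss HOST TAG[pid]: text"
LINE = re.compile(
    r"^<\d{1,3}>\w{3} [ \d]\d \d\d:\d\d:\d\d "
    r"(?P<host>\S+) (?P<program>[^\s:\[]+)(?:\[\d+\])?: ?(?P<text>.*)$"
)

# Constructed sample messages, not taken from any real host.
SAMPLES = [
    "<85>Jan  8 19:40:09 web01 sudo:    chuck : TTY=pts/0 ; USER=root ; COMMAND=/bin/ls",
    "<14>Jan  8 19:41:00 web01 logger: ticket says sudo: is misconfigured",
    "<85>Jan  8 19:42:00 ../../tmp sudo:    chuck : TTY=pts/1 ; USER=root ; COMMAND=/bin/id",
]

def parse(line):
    """Split a BSD-syslog line into host, program and text; None if malformed."""
    m = LINE.match(line)
    return m.groupdict() if m else None

def substring_filter(line):
    """Regexp-style test: true for any line that contains 'sudo:' anywhere."""
    return re.search(r"sudo:", line) is not None

def program_filter(line):
    """Field test: true only when the parsed program tag is exactly 'sudo'."""
    fields = parse(line)
    return fields is not None and fields["program"] == "sudo"

def safe_component(value, fallback="unknown"):
    """Return value if it is usable as a single file or directory name."""
    return value if SAFE.fullmatch(value) else fallback

def sudo_log_path(line):
    """Per-host sudo.log path for a sudo message, or None for anything else."""
    if not program_filter(line):
        return None
    host = safe_component(parse(line)["host"])
    return str(BASE / host / "sudo.log")

if __name__ == "__main__":
    for s in SAMPLES:
        print(substring_filter(s), program_filter(s), sudo_log_path(s))
```

The second sample passes the substring test but not the program test, and the third sample's host value is replaced by the fallback instead of reaching the filesystem path.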