SUMMARY: Sending logging to central syslog server

From: Chris Doane (cdoane@geoworks.com)
Date: Wed Apr 26 1995 - 11:21:41 CDT


> From sun-managers-relay@ra.mcs.anl.gov Mon Apr 24 16:25:49 1995
> Sender: sun-managers-relay@ra.mcs.anl.gov
> Date: Mon, 24 Apr 95 09:39:33 PDT
> From: cdoane@geoworks.com (Chris Doane)
> Reply-To: cdoane@geoworks.com (Chris Doane)
> Followup-To: junk
> To: sun-managers@ra.mcs.anl.gov
> Subject: Sending logging to central syslog server
> Content-Length: 349
>
>
> Hello,
>
> We're in the process of setting up sudo, the shareware root
> password administration program. I'd like to utilize the
> ability to log activity to a central syslog server, but am
> unclear on just how this is set up with this program. Can
> someone point me to some sort of reference for how to do this?
>
> Thanks,
> Chris Doane
> cdoane@geoworks.com
>

Much thanks to:

Jeff Fletcher
Leslie Dreyer Kalra
James Mularadelis
Brian T. Wightman
J. Bern
Michael Seeger
R A Lichtensteiger

While everyone provided me with excellent help in setting up
syslog logging to a central host, R A Lichtensteiger helped
me to catch the point I was missing. That is, sudo compiles
using the "local2" facility, not "auth" - as I was presuming,
for alerting syslog. Once I recognized that, it was a cinch.

Thanks, again, to everyone. Following is the procedure I
used.

Chris Doane

----- Begin Included Message -----

Back at the ranch, Chris Doane scribed:

: We're in the process of setting up sudo, the shareware root
: password administration program. I'd like to utilize the
: ability to log activity to a central syslog server, but am
: unclear on just how this is set up with this program. Can
: someone point me to some sort of reference for how to do this?

From the sudo.h file:

   SYSLOG - if you want to use syslog instead of a log file
                            ( This is a nice feature. You can
                              collect all you sudo logs at a
                              central host. The default is for
                              sudo to log at the local2 facility.)

From the Makefile:

   DEFINES = -DSYSLOG -DSEND_MAIL_WHEN_NO_USER -DSyslog_options=0 -DBSD

Then set your /etc/syslog.conf to forward all "local2.notice" (or better)
messages to your log host.

In the loghost have local2.notice write to a file.

Sudo logs "approved" uses at the notice priority and "unapproved" uses at
the alert priority.

-Reto L.-

-- 
R A Lichtensteiger	rali@hri.com
System Administrator	Horizon Research Inc	(617) 466-8304
                        Waltham MA 02154
	http://www.hri.com/HRI/People/rali.html

I use Solaris because someone told me it was admirable to work with the handicapped ...

----- End Included Message -----
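
The facility mix-up described above ("auth" presumed, "local2" actual) can be checked by tracing a message through syslog.conf. The following is an added example, not part of the original post or of sudo; the sample configs, the "@loghost" target and the log file path are constructed placeholders, and classic selector semantics are assumed.

```python
# Added example (not from the original post): trace where sudo's syslog
# messages go under a given syslog.conf. Assumes classic selector semantics:
# "facility.level" matches that level and anything more severe, "*" matches
# any facility, "none" excludes one, and the last matching part wins.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selector, facility, level):
    """Return True if one selector field (parts joined by ';') matches."""
    matched = False
    for part in selector.split(";"):
        facs, _, threshold = part.partition(".")
        names = facs.split(",")
        if facility not in names and "*" not in names:
            continue
        if threshold == "none":
            matched = False
        elif threshold in LEVELS:
            # Lower index means more severe; match at threshold or above.
            matched = LEVELS.index(level) <= LEVELS.index(threshold)
    return matched

def routes(conf_text, facility, level):
    """Return the actions of every rule that receives facility.level."""
    actions = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) == 2 and selector_matches(fields[0], facility, level):
            actions.append(fields[1].strip())
    return actions

# Constructed sample configs; "@loghost" and the file path are placeholders.
CLIENT_PRESUMED = "auth.notice\t@loghost\n*.err\t/dev/console\n"
CLIENT_FIXED = "local2.notice\t@loghost\n*.err\t/dev/console\n"
LOGHOST = "local2.notice\t/var/log/sudo.log\n"

if __name__ == "__main__":
    for name, conf in [("client (auth presumed)", CLIENT_PRESUMED),
                       ("client (local2)", CLIENT_FIXED), ("loghost", LOGHOST)]:
        for level in ("notice", "alert"):   # approved / unapproved sudo use
            print(name, "local2." + level, "->", routes(conf, "local2", level))
```

With the presumed "auth" rule, neither approved (notice) nor unapproved (alert) sudo use reaches the log host; the alert only lands on the local console through the catch-all rule.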


