[Logwatch] Missed sudo commands

David Bogen david.bogen at icecube.wisc.edu
Fri May 12 13:42:33 MST 2006


Recently, I've noticed that logwatch fails to report some, but not all,
sudo entries.

sudo logs that look like this:

May  7 14:23:20 sys1 sudo:      user1 : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/safe_mysqld

are reported as expected.

sudo logs that look like this:

May  7 14:05:18 sys2 /usr/bin/sudo:   user2 : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/usr/sbin/postmap hash:/etc/postfix/valid_recipients

are not reported at all.  My guess is that the problem is the string
/usr/bin/sudo is not recognized as a service and is not processed properly.

Am I headed in the right direction with this diagnosis?  If so, does
anyone have any suggestions on where to start hacking in the source to
cobble together a fix to this problem?


David Bogen   :: (608) 263-0168
Unix SysAdmin :: IceCube Project
david.bogen at icecube.wisc.edu
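
The mismatch described in the message above, as an added example that is not part of the original post and is not logwatch code: a parser that keys on the exact syslog tag `sudo` sees only the first entry, while reducing the tag to its basename picks up both. The names `parse_sudo`, `report` and `invoker`, and the unwrapped sample lines, are constructed for illustration.

```python
import os
import re

# Constructed sample: the two entries quoted in the message, unwrapped.
SAMPLE = [
    "May  7 14:23:20 sys1 sudo:      user1 : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/safe_mysqld",
    "May  7 14:05:18 sys2 /usr/bin/sudo:   user2 : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/usr/sbin/postmap hash:/etc/postfix/valid_recipients",
]

# Classic syslog layout: timestamp, host, tag (optionally "[pid]"), message.
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<tag>[^\s:\[]+)(?:\[\d+\])?:\s*(?P<msg>.*)$"
)
# sudo message body: "invoker : KEY=val ; KEY=val ; COMMAND=rest of line"
SUDO = re.compile(r"^(?P<invoker>\S+) : (?P<fields>.*?)COMMAND=(?P<command>.*)$")


def parse_sudo(line, normalize_tag=True):
    """Return a dict for a sudo entry, or None if the line is not attributed to sudo."""
    m = SYSLOG.match(line)
    if not m:
        return None
    tag = m.group("tag")
    if normalize_tag:
        tag = os.path.basename(tag)  # "/usr/bin/sudo" -> "sudo"
    if tag != "sudo":
        return None
    body = SUDO.match(m.group("msg"))
    if not body:
        return None
    rec = {"host": m.group("host"), "invoker": body.group("invoker"),
           "command": body.group("command")}
    for field in body.group("fields").split(" ; "):
        key, sep, value = field.strip(" ;").partition("=")
        if sep:
            rec[key] = value  # TTY, PWD, USER keep sudo's own key names
    return rec


def report(lines, normalize_tag=True):
    """Collect every line recognized as a sudo entry."""
    return [r for r in (parse_sudo(l, normalize_tag) for l in lines) if r]


if __name__ == "__main__":
    print(len(report(SAMPLE, normalize_tag=False)), "entry with exact tag match")
    print(len(report(SAMPLE)), "entries with normalized tag")
```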
