[Logwatch] Missed sudo commands

Mike Tremaine mgt at stellarcore.net
Fri May 12 14:40:48 MST 2006


On Fri, 2006-05-12 at 15:42 -0500, David Bogen wrote:
> All:
> 
> Recently, I've noticed that logwatch fails to report some, but not all,
> sudo entries.


> May  7 14:05:18 sys2 /usr/bin/sudo:   user2 : TTY=unknown ; PWD=/tmp ;
> USER=root ; COMMAND=/usr/sbin/postmap hash:/etc/postfix/valid_recipients
> 
> are not reported at all.  My guess is that the problem is the string
> /usr/bin/sudo is not recognized as a service and is not processed properly.


Quick check would be to edit

/usr/share/logwatch/default.conf/services/sudo.conf

Change

*OnlyService = sudo

to

*MultiService = sudo,/usr/bin/sudo


See if it works.

-Mike




More information about the Logwatch mailing list