[Logwatch] Missed sudo commands

Mike Tremaine mgt at stellarcore.net
Fri May 12 14:40:48 MST 2006

On Fri, 2006-05-12 at 15:42 -0500, David Bogen wrote:
> All:
> Recently, I've noticed that logwatch fails to report some, but not all,
> sudo entries.

> May  7 14:05:18 sys2 /usr/bin/sudo:   user2 : TTY=unknown ; PWD=/tmp ;
> USER=root ; COMMAND=/usr/sbin/postmap hash:/etc/postfix/valid_recipients
> are not reported at all.  My guess is that the problem is the string
> /usr/bin/sudo is not recognized as a service and is not processed properly.

Quick check would be to edit



*OnlyService = sudo


*MultiService = sudo,/usr/bin/sudo

See if it works.


More information about the Logwatch mailing list