How can I send IO logging to a different location than the default (4267296)

How can the IO logs be written to an alternate location than the default location.

In the sudoers policy file you can set the path to be a different location using the "iolog_dir" and "iolog_file" options.

Something like would work to turn on logging for all entries and place them all in the same location.

Defaults log_input
Defaults iolog_dir = /tmp/iolog

Or if you wanted to modify some options you could use something like this.
Defaults iolog_dir=”/tmp/logs/iolog/”, iolog_file=”%{user}_%{command}_XXXXXX”

The iolog_file mush end with "XXXXXX"; Quest Privilege Manager for Sudo uses the X's as a placeholder to ensure that is uses a unique filename.

For more information about this see the Administrators guide.

When writing to an NFS server or similar the permissions may be set incorrectly. The logs must be owned as root and group owned as pmlog.

The group ownership is used to allow access to remotely replay the logfiles with the pmremlog command. This is also used in keystroke logs from the MCU.

If using NFS you will likely need to export the nfs directory to the policy servers with the no_root_squash option so that policy servers can correctly set the group ownership instead of the files being created with the nfsnobody group owner.