By default, /var/log/messages does not log the hostname where the sudo command was executed. A sample log entry is shown below:
Mar 23 17:23:51 <SUDO MASTER HOSTNAME> sudo[4171]: <USERNAME> : TTY=pts/0 ; PWD=/home/<USERNAME> ; USER=root ; TSID=<USERNAME>/root/vastool_20230323_1723_XXXXXX ; COMMAND=/opt/quest/bin/vastool status
1. After checking out the sudoers file on one of the Safeguard for Sudo servers, add the following line:
Defaults log_host
2. Now commit the change and sync the policy on the client.
3. Execute a sudo command on the client machine. The machine where the command was executed now appears in the sudo master server's message log (/var/log/messages), as shown below:
Mar 23 17:26:25 <SUDO MASTER HOSTNAME> sudo[4435]: <USERNAME> : HOST=< EXECUTING HOSTNAME> ; TTY=pts/0 ; PWD=/home/<USERNAME> ; USER=root ; TSID=<USERNAME>/root/vastool_20230323_1726_XXXXXX ; COMMAND=/opt/quest/bin/vastool status
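To confirm the change across many entries, the following added example (not part of the original article or the product) parses sudo lines in the two formats shown above, counts events per executing host, and lists entries that still lack HOST=. The hostnames, username and the helper names parse_sudo_line and audit are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the two formats shown above (placeholder values).
SAMPLE = """\
Mar 23 17:23:51 sudomaster01 sudo[4171]: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; TSID=alice/root/vastool_20230323_1723_XXXXXX ; COMMAND=/opt/quest/bin/vastool status
Mar 23 17:26:25 sudomaster01 sudo[4435]: alice : HOST=client07 ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; TSID=alice/root/vastool_20230323_1726_XXXXXX ; COMMAND=/opt/quest/bin/vastool status
Mar 23 17:27:02 sudomaster01 sshd[4500]: Accepted publickey for alice
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<logger>\S+)\ssudo\[\d+\]:\s+"
    r"(?P<user>\S+) : (?P<fields>.*)$"
)

def parse_sudo_line(line):
    """Return a dict of fields for a sudo syslog line, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "logger": m["logger"], "user": m["user"], "HOST": None}
    # COMMAND is the last field and may itself contain " ; ", so split it off first.
    head, sep, command = m["fields"].partition(" ; COMMAND=")
    for part in head.split(" ; "):
        key, eq, value = part.strip().partition("=")
        if eq:
            rec[key] = value
    rec["COMMAND"] = command if sep else None
    return rec

def audit(lines):
    """Count sudo events per executing host and collect entries without HOST=."""
    by_host, missing = Counter(), []
    for line in lines:
        rec = parse_sudo_line(line)
        if rec is None:
            continue  # not a sudo entry
        if rec["HOST"]:
            by_host[rec["HOST"]] += 1
        else:
            missing.append(rec)  # logged without log_host in effect
    return by_host, missing

if __name__ == "__main__":
    hosts, missing = audit(SAMPLE.splitlines())
    print("events per executing host:", dict(hosts))
    for rec in missing:
        print("no HOST= field:", rec["ts"], rec["user"], rec["COMMAND"])
```

Run it against the master server's log by passing open("/var/log/messages") to audit() in place of the sample lines.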