The following predefined global variables appear only in the audit (event) log. They are not available for use in the policy file, as they are set by pmlocald during the runcommand session.They are set by the Sudo Plugin during the runcommand session. Use pmlog to view them.
Table 12: Global event log variables
alertdate |
string |
Date on which the alert was raised. |
alerttime |
string |
Time at which the alert was raised. |
event |
string |
Type of event. |
exitdate |
string |
Date on which the finish event was logged. |
exitstatus |
string |
Exit status of the request |
exittime |
string |
Exit time of the request. |
Description
Type string READONLY
event identifies the type of event logged by the policy server process. An event is logged when the policy server accepts or rejects a command.
Possible values are:
This value is saved in the event log and can be viewed using pmlog.
Example
#Display all accepted events from the audit log
pmlog -c 'event == "Accept"'
Description
Type string READONLY
exitdate is the date the requested command finished running. This is saved in the event log when the session exits, and can be viewed using pmlog.
Example
#Display all events that finished on 15 january 2009
pmlog -c 'exitdate == "2009/01/15"'
Description
Type string READONLY
exitstatus contains the exit status of the runcommand. This variable is not available for use in the policy file. It is logged in the "Finish" event by the Sudo Plugin when the session ends.
Example
#Display all sh commands that failed to complete successfully
pmlog -c 'runcommand == "sh" && exitstatus != "Command finished with exit status 0"'