
Processing the new sudo logging format
Neat Packaging
The Linux sudo command helps Linux administrators run specific programs in the context of another user, typically root. In this way, non-privileged users can run management programs on a system. The tool writes to a log to keep track of users who used sudo to run programs. The default format has been plain text, but from version 1.9.4, it can be configured to log in JSON format.
sudo Logging
By default, sudo uses syslog to send log messages, which means that, on a Linux system, the messages end up in the system journal. You can choose between JSON and sudo plain text as the log format. Text ensures that the messages are easy to read while keeping the amount of information that ends up in the log to a minimum (Figure 1).

If you are looking for more information on a sudo log event, you can change the format of the log message to JSON, which makes several data fields available in the journal (Figure 2). You will find more detailed information on the individual fields of the log format by entering man 5 sudoers for the ...
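As an added example (not code from the article or from the sudo project), the following Python parses sudo's JSON log messages as they might be read from the journal and separates accepted, rejected, and truncated records. The sample messages are constructed, and the @cee: prefix, the sudo wrapper object, and the field names (submituser, runuser, runargv, submitcwd, reason) are assumptions to verify against man 5 sudoers for your sudo version.

```python
import json

# Assumes sudo >= 1.9.4 with "Defaults log_format=json" in sudoers.
# Constructed sample messages; the "@cee:" cookie, the "sudo" wrapper and the
# field names are assumptions to check against sudoers(5) for your version.
SAMPLE_MESSAGES = [
    '@cee:{"sudo":{"accept":{"submituser":"alice","runuser":"root",'
    '"command":"/usr/bin/systemctl","runargv":["systemctl","restart","nginx"],'
    '"submitcwd":"/home/alice","ttyname":"/dev/pts/0"}}}',
    '@cee:{"sudo":{"reject":{"submituser":"bob","runuser":"root",'
    '"command":"/usr/sbin/visudo","runargv":["visudo"],'
    '"reason":"command not allowed","submitcwd":"/tmp"}}}',
    # Cut off mid-record, as can happen when syslog limits the message size.
    '@cee:{"sudo":{"accept":{"submituser":"carol","runuser":"root","comm',
    "pam_unix(sudo:session): session opened for user root(uid=0)",
]

def parse_sudo_event(message):
    """Return a flat dict for one sudo JSON message, or None if not JSON."""
    text = message.strip()
    if text.startswith("@cee:"):  # cookie marking a structured payload
        text = text[len("@cee:"):].lstrip()
    if not text.startswith("{"):
        return None  # plain-text sudo or PAM line
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return {"event": "truncated", "raw": message[:80]}  # keep the evidence
    body = doc.get("sudo", doc)  # tolerate records without the wrapper
    if not isinstance(body, dict) or not body:
        return None
    event, fields = next(iter(body.items()))
    if not isinstance(fields, dict):
        return None
    argv = fields.get("runargv") or [fields.get("command", "")]
    return {
        "event": event,
        "user": fields.get("submituser"),
        "runas": fields.get("runuser"),
        "command": " ".join(argv),
        "cwd": fields.get("submitcwd"),
        "reason": fields.get("reason"),
    }

def summarize(messages):
    groups = {"accept": [], "reject": [], "truncated": []}
    for event in filter(None, map(parse_sudo_event, messages)):
        groups.setdefault(event["event"], []).append(event)
    return groups
```

Truncated records are kept rather than dropped, so a message that was cut short still shows up for review.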
