Wednesday, 4 July 2012

How to rotate sudo log


How to rotate sudo log?
Scenario : Sudo log files will keep the activities of sudo users and their login status in /var/log/sudolog.

Tested platform : RHEL 5
Solution :

1. Create a sudo log file and put it in /etc/sudoers. Then rotate it for 90 days. As an example :

$touch /var/log/sudolog

2. vi /etc/sudoers and add following lines :

-----
Defaults !syslog
Defaults logfile = /var/log/sudolog
-----

Then save it.

3. Rotating this log file :

vi /etc/logrotate.d/sudolog and put following :

------
/var/log/sudolog {
rotate 90
size 5M
postrotate
/usr/bin/killall -HUP syslogd
endscript
}
------

4. Now restart syslogd :

$service syslogd restart

This will keep maximum 5MB file of 90 different copies. Old copy will be removed first.

No comments:

Post a Comment

Twitter Bird Gadget