Recipe 5.17 Logging sudo Remotely

5.17.1 Problem

You want your sudo logs kept off-host to prevent tampering or interference.

5.17.2 Solution

Use syslog 's @otherhost syntax: [Recipe 9.29]

authpriv.*         @securehost

5.17.3 Discussion

Remember that the remote host's syslogd needs must be invoked with the -r flag to receive remote messages. Make sure your remote host doesn't share root privileges with the sudo host, or else this offhost logging is pointless.

5.17.4 See Also

syslog.conf(5), syslogd(8).

    Chapter 9. Testing and Monitoring