Log sudo history

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
stsysadm
Posts: 1
Joined: Wed Jan 11, 2023 11:15 am

Log sudo history

Post by stsysadm »

Good Morning,

I need your help to solve a problem.
Is it possible to configure Nagios LS to accept sudo history?
I tried to configure it to accept local1 (configured by default in /etc/sudoers), but once I've elevated my user to root, I can't rebuild the commands I run from Nagios Log Server.

Thanks to anyone who can help me.
bbahn
Posts: 91
Joined: Thu Jan 12, 2023 5:42 pm

Re: Log sudo history

Post by bbahn »

Hello stsysadm,

To configure Nagios Log Server to accept sudo history, you will first need to set up logging of sudo commands.
  1. You seem to have already set up sudo logging, such as with the following in your sudoers file:

    Defaults logfile="/var/log/sudo.log"
    Defaults syslog=local1
    
    and updated the rsyslog to add something like the following:

    local1.*                            /var/log/sudo.log
  2. Next, you need to add this logging to your NLS server. You can do this using:

    curl -sS -O http://nls_ip_address/nagioslogserver/scripts/setup-linux.sh
    sudo bash setup-linux.sh -s log_source_ip -p nls_port -f "/var/log/sudo.log" -t FILE_TAG
    
If this doesn't solve your issue, please elaborate on what specifically your issues are.
Thank you.
February: Fostering a fruitful forum with fun formulations. Fear not for our fellowship of friendly fellows will fervently find fixes for flaws found on this forum. Feel free to follow-up with feedback if I fail to fulfill my function fully.
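
Added example, not part of either post or of Nagios Log Server: a parser for the sudo entries that the `local1` rule above sends to `/var/log/sudo.log`. It also flags entries that open a root shell, because sudo's command log records only the command sudo itself launches, not what is typed inside that shell. The sample lines are constructed and the function names are hypothetical.

```python
import os
import re

# Constructed sample lines in sudo's syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Jan 11 11:20:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Jan 11 11:21:14 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -
Jan 11 11:25:40 web01 sudo:      bob : TTY=pts/1 ; PWD=/srv ; USER=root ; COMMAND=/bin/bash
Jan 11 11:26:02 web01 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)
"""

ENTRY = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<rest>.*)$")
SHELLS = {"sh", "bash", "dash", "ksh", "zsh", "su"}

def is_interactive_shell(command):
    """True when the logged command starts a shell with nothing to run in it."""
    argv = command.split()
    if not argv:
        return False
    name, args = os.path.basename(argv[0]), argv[1:]
    if name not in SHELLS or "-c" in args:
        return False
    # `su - root` is interactive; `bash deploy.sh` runs a script and exits.
    return name == "su" or all(a.startswith("-") for a in args)

def parse_line(line):
    """Return the fields of one sudo command entry, or None for other lines."""
    m = ENTRY.search(line)
    if not m or "COMMAND=" not in m["rest"]:
        return None
    head, command = m["rest"].split("COMMAND=", 1)
    fields = dict(p.strip().split("=", 1) for p in head.split(" ; ") if "=" in p)
    command = command.strip()
    return {"user": m["user"], "tty": fields.get("TTY"), "pwd": fields.get("PWD"),
            "runas": fields.get("USER"), "command": command,
            "opens_shell": is_interactive_shell(command)}

def audit(log_text):
    """Parse every sudo command entry found in log_text."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in audit(SAMPLE_LOG):
        note = "  <- later commands are not in this log" if e["opens_shell"] else ""
        print(f'{e["user"]} as {e["runas"]}: {e["command"]}{note}')
```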