/usr/share/doc/sudo/examples/syslog.conf is in sudo 1.8.21p2-3ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | # This is a sample syslog.conf fragment for use with Sudo.
#
# By default, sudo logs to "authpriv" if your system supports it, else it
# uses "auth". The facility can be set via the --with-logfac configure
# option or in the sudoers file.
# To see what syslog facility a sudo binary uses, run `sudo -V' as *root*.
#
# NOTES:
# The whitespace in the following line is made up of <TAB>
# characters, *not* spaces. You cannot just cut and paste!
#
# If you edit syslog.conf you need to send syslogd a HUP signal.
# Ie: kill -HUP process_id
#
# Syslogd will not create new log files for you, you must first
# create the file before syslogd will log to it. Eg.
# 'touch /var/log/sudo'
# This logs successful and failed sudo attempts to the file /var/log/auth
# If your system has the authpriv syslog facility, use authpriv.debug
auth.debug /var/log/auth
# To log to a remote machine, use something like the following,
# where "loghost" is the name of the remote machine.
# If your system has the authpriv syslog facility, use authpriv.debug
auth.debug @loghost
|