sudo logging question

[dirtbag]

hey gentooheads,

Im using the proximity scriptie at
http://gentoo-wiki.com/TIP_Bluetooth_Proximity_Monitor
and it works great, but in my syslog, I get beaucoups of messages from it

May 3 14:05:25 zim sudo: jason : TTY=pts/6 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/hcitool rssi 00:12:8B:7B:73:B7
May 3 14:05:27 zim sudo: jason : TTY=pts/6 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/hcitool con
May 3 14:05:27 zim sudo: jason : TTY=pts/6 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/hcitool rssi 00:12:8B:7B:73:B7
May 3 14:05:29 zim sudo: jason : TTY=pts/6 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/hcitool con
May 3 14:05:29 zim sudo: jason : TTY=pts/6 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/hcitool rssi 00:12:8B:7B:73:B7
May 3 14:05:31 zim sudo: jason : TTY=pts/6 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/hcitool con
May 3 14:05:31 zim sudo: jason : TTY=pts/6 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/hcitool rssi 00:12:8B:7B:73:B7
May 3 14:05:33 zim sudo: jason : TTY=pts/6 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/hcitool con
May 3 14:05:33 zim sudo: jason : TTY=pts/6 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/hcitool rssi 00:12:8B:7B:73:B7

any slick ideas on how I can /dev/null just these messages from this particular command?

in my /etc/sudoers, I have
jason ALL=NOPASSWD:/usr/bin/hcitool logfile=/dev/null
and I tried to use the logfile on the end of that line, but it doesnt seem to work in this instance

any ideas?

-DB

[snizfast]

Have you tried filtering the sudo stuff out in the syslog-ng.conf file similar to this?

Code: Select all

filter f_messages { level(info .. warn)
        and not facility(auth, authpriv, cron, daemon, mail, news, kern, user)
        and not program("sudo"); };

That will take it out of the message log and then you put all of the sudo stuff to a seperate file.

[dirtbag]

well, the only problem with that is that it would trap all sudo messages, I was looking for a way to just trap these that come from this one specific command being run every 2 seconds so I dont fill up my disk.. I guess I could do what you suggest, but I dont believe its what Im looking for.

-DB

[hegga]

in my /etc/sudoers, I have
jason ALL=NOPASSWD:/usr/bin/hcitool logfile=/dev/null
and I tried to use the logfile on the end of that line, but it doesnt seem to work in this instance

any ideas?

logfile
Path to the sudo log file (not the syslog log file). Setting a path turns on logging to a file; negating this option turns it off.

Code: Select all

!logfile

should work then...

[dirtbag]

jason ALL=NOPASSWD:/usr/bin/hcitool !logfile
is that what you mean?
that didnt seem to work either

[snizfast]

Just to double check you are worried about the log files filling up your disk? If you can get it out of the rest of you log files that should work. Optionally you could create a logfile which goes to /dev/null

Code: Select all

destination null { file("/dev/null"); };

Hope that helps.

[dirtbag]

jason ALL=NOPASSWD:/usr/bin/hcitool destination null { file("/dev/null"); };
still doesnt work.

I want ONLY output from THIS particular entry to go to /dev/null/ all the rest of the sudoers actions I want logged.

-DB

[mikegpitt]

Were you ever able to turn off sudo logging? I tried both these from the man page, but am having problems getting it to work.

Code: Select all

Defaults        !logfile

or

Code: Select all

Defaults        logfile=/dev/null

[dirtbag]

not sure what happened... but im not getting these messages anymore..
and I dont have anything on my sudo line blocking the log output either.


-DB

[mikegpitt]

not sure what happened... but im not getting these messages anymore..
and I dont have anything on my sudo line blocking the log output either.


-DB

Actually we figured it out... This was the solution:

Code: Select all

Defaults        !syslog

[dirtbag]

Thanks fer sharing that Faye!

-db

[mikegpitt]

Thanks fer sharing that Faye!

lol... my name is actually Mike, but Cowboy Bebop is one of my favorite animes

[dirtbag]

heh... i know.. me too..