Sudo allows system administrators to allow users run command as root user. The commands that run with sudo needs to be logged in for security and compliance reasons.
Security — Sudo logs can provide a trail of activity. Any unauthorised access or suspicious behaviour can be logged and the system admins can get to know with the help of sudo logs.
Compliance — Sudo logs are required for regulatory requirements for an organisation. HIPPA, PCI, DSS provide system activity trail.
Accountability — It documents the actions when administrator perform, system admin tasks.
We can create a custom sudo logs file in <code>/etc/sudoers</code>
/etc/sudoers is a configuration file used by the sudo command in Linux and Unix-based operating systems. It contains the rules that determine which users or groups are allowed to run specific commands.
Default <code>/etc/sudoers</code> file →
<img src="https://miro.medium.com/v2/resize:fit:1400/1*88LfxWK-5qLverQwboXUpQ.png" alt />
We can create a custom log file here -&gt; <code>/var/log</code>
<code>Example /var/log/sudo.log</code>
Create a file - <code>touch /var/log/sudo.log</code>
Edit the file <code>sudo vi /etc/sudoers</code>
Add <code>Defaults logfile=”/var/log/sudo.log”</code> (As shown below)
<img src="https://miro.medium.com/v2/resize:fit:1400/1*bpo5ZrLcKuWO622U-Ht-PQ.png" alt />
Restart rsyslog -&gt; <code>sudo systemctl restart rsyslog</code>
We can start seeing sudo logs in the custom log file
<img src="https://miro.medium.com/v2/resize:fit:1400/1*7lI_rzT4_p3_tMqFNfDVqQ.png" alt />
Feel free to ask any doubts in comments. I tried on debian. It might work for rest flavours too. 🍻🍺

Sudo allows system administrators to allow users run command as root user. The commands that run with sudo needs to be logged in for security and compliance reasons.

**Security** — Sudo logs can provide a trail of activity. Any unauthorised access or suspicious behaviour can be logged and the system admins can get to know with the help of sudo logs.

**Compliance** — Sudo logs are required for regulatory requirements for an organisation. HIPPA, PCI, DSS provide system activity trail.

**Accountability** — It documents the actions when administrator perform, system admin tasks.

We can create a custom sudo logs file in `/etc/sudoers`

**/etc/sudoers** is a configuration file used by the sudo command in Linux and Unix-based operating systems. It contains the rules that determine which users or groups are allowed to run specific commands.

Default `/etc/sudoers` file →

![](https://miro.medium.com/v2/resize:fit:1400/1*88LfxWK-5qLverQwboXUpQ.png align="left")

We can create a custom log file here -&gt; `/var/log`

`Example /var/log/sudo.log`

Create a file - `touch /var/log/sudo.log`

Edit the file `sudo vi /etc/sudoers`

Add `Defaults logfile=”/var/log/sudo.log”` *(As shown below)*

![](https://miro.medium.com/v2/resize:fit:1400/1*bpo5ZrLcKuWO622U-Ht-PQ.png align="left")

Restart rsyslog -&gt; `sudo systemctl restart rsyslog`

We can start seeing sudo logs in the custom log file

![](https://miro.medium.com/v2/resize:fit:1400/1*7lI_rzT4_p3_tMqFNfDVqQ.png align="left")

Feel free to ask any doubts in comments. I tried on debian. It might work for rest flavours too. 🍻🍺

Tamish Verma's Blog

Tamish Verma's Blog

Create a custom sudo log file

sudoers log