Recipe 5.17 Logging sudo Remotely

5.17.1 Problem

You want your sudo logs kept off-host to prevent tampering or interference.

5.17.2 Solution

Use syslog 's @otherhost syntax: [Recipe 9.29]

/etc/syslog.conf:
authpriv.*         @securehost

5.17.3 Discussion

Remember that the remote host's syslogd needs must be invoked with the -r flag to receive remote messages. Make sure your remote host doesn't share root privileges with the sudo host, or else this offhost logging is pointless.

5.17.4 See Also

syslog.conf(5), syslogd(8).