# prevent sudo from logging to syslog

## toralf

/me wonders how to avoid spamming my syslog with messages like

```
n22 sudo: tfoerste : TTY=pts/3 ; PWD=/home/tfoerste ; USER=root ; COMMAND=/bin/tail -n 20 -f /var/log/messages
n22 sudo: pam_unix(sudo:session): session opened for user root by tfoerste(uid=0)
```

----------

## user

Hi toralf foerste,

one solution may be:

```
# man 5 sudoers | grep -A2 syslog_goodpri
     syslog_goodpri    Syslog priority to use when user authenticates success‐
                       fully.  Defaults to notice.
```

If you set it to debug, the logging should be gone (assuming you don't log debug by default).

----------

## toralf

although I set this:

```
$ sudo grep debug /etc/sudoers
Defaults syslog_goodpri = debug
```

I still have those messages.

----------

## ppurka

Try nosyslog? From the manpage

```
     syslog            Syslog facility if syslog is being used for logging (negate to disable syslog log‐
                       ging).  Defaults to authpriv.
```

----------

## toralf

I tried a lot - maybe b/c it's Monday - please can someone give me the exact line in /etc/sudoers?

----------

## toralf

Ick, I wasn't clear enough in my original post - I already switched off logging of the command itself, but I'm annoyed by these 2 lines too:

```
sudo: pam_unix(sudo:session): session opened for user root by tfoerste(uid=0)
sudo: pam_unix(sudo:session): session closed for user root
```

which I cannot get rid of till now.

----------

## Apheus

I cannot check at the moment, but I think it is 

```
Defaults !syslog
```

in /etc/sudoers

----------

## toralf

I do have these 2 lines there :

```
Defaults logfile=/var/log/sudo.log,loglinelen=0
Defaults !syslog
```

so that the sudo command line isn't logged any longer but the pam message is still there:

```
sudo: pam_unix(sudo:session): session opened for user root by tfoerste(uid=0)
sudo: pam_unix(sudo:session): session closed for user root
```

----------

## hamelg

To prevent pam_unix from logging the session, you can negate the "pam_session" option.

Here is an example:

```
Cmnd_Alias PRIVCMDS_NOLOG= \
        /usr/bin/iptables -Z -nvxL *
Defaults!PRIVCMDS_NOLOG !syslog, !pam_session
POWERUSER ALL = NOPASSWD: PRIVCMDS_NOLOG
```

----------

## toralf

just putting !pam_session behind 

```
Defaults logfile=/var/log/sudo.log,loglinelen=0
Defaults !syslog, !pam_session
```

gives :

```
sudo: unknown defaults entry `pam_session'
```

----------

## ulenrich

If you are able to solve your issue in pure user mode this will be the most serious bug regarding security.

Please, try further ...

----------

## hamelg

*toralf wrote:*

> just putting !pam_session behind
>
> ```
> Defaults logfile=/var/log/sudo.log,loglinelen=0
> ...
> ```

This setting is only supported by version 1.8.7 or higher.
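
An added example, not part of the thread or of sudo itself: a small Python audit that lists where a sudoers file negates `syslog` or `pam_session`, whether each entry is global or bound to a command alias, and whether the given sudo version accepts `!pam_session` (1.8.7 per the post above). The function names and the sample text are constructed for illustration, and the parser assumes no quoted commas in `Defaults` values.

```python
import re

QUIETING = {"syslog", "pam_session"}  # negating these silences the lines in the thread
PAM_SESSION_MIN = (1, 8, 7)           # per the thread, older sudo rejects the entry

def version_tuple(version):
    """'1.8.6p7' -> (1, 8, 6); a patch suffix is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised sudo version: {version!r}")
    return tuple(int(g) for g in m.groups())

def logical_lines(text):
    """Join backslash continuations; drop blank lines and lines starting with '#'."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit(sudoers_text, sudo_version):
    """Return (scope, option, status) for each negated quieting option."""
    old = version_tuple(sudo_version) < PAM_SESSION_MIN
    findings = []
    for line in logical_lines(sudoers_text):
        m = re.match(r"Defaults([@:!>]\S+)?\s+(.*)", line)
        if not m:
            continue
        scope = m.group(1) or "global"  # e.g. "!PRIVCMDS_NOLOG" for a command alias
        for setting in m.group(2).split(","):  # assumes no quoted commas
            setting = setting.strip()
            name = setting[1:].strip()
            if setting.startswith("!") and name in QUIETING:
                unsupported = old and name == "pam_session"
                findings.append((scope, name, "unsupported" if unsupported else "active"))
    return findings

# Constructed sample combining the sudoers entries quoted in the thread.
SAMPLE = """\
Defaults logfile=/var/log/sudo.log,loglinelen=0
Defaults !syslog
Cmnd_Alias PRIVCMDS_NOLOG= \\
        /usr/bin/iptables -Z -nvxL *
Defaults!PRIVCMDS_NOLOG !syslog, !pam_session
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "1.8.6"):
        print(finding)
```

A `global` finding means every sudo invocation stops producing that syslog record, while a scope such as `!PRIVCMDS_NOLOG` limits the gap in the audit trail to the listed commands.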

----------

## toralf

yeah - 1.8.7 works fine - thx.

----------

## albright

which raises the question since 1.8.7 was released in June, why is it not in gentoo yet?

see http://www.sudo.ws/:

 *Quote:*   

> The current stable release is sudo 1.8.7, released on June 6, 2013.

 

----------

## toralf

I filed a bug already ...

----------

