SUMMARY: Using Syslog to email "su" attempts.

From: Burtenshaw, Craig <>
Date: Mon Jan 13 2003 - 17:28:47 EST

Original Question (Summarised):
Can you use syslogd to email "su" attempts.

Answer:   No.
syslog.conf only allows 4 possibilities in the last field.
* means all logged in users.

However:  You can use some products to do this, suggested products were:
* sudo (Superuser do) - Allows a system administrator to give certain
users (or group of users) the ability to run some (or all)
commands as root or another user while logging the commands and

* syslog-ng
* logwatcher
* swatch

Thank you to the following people for there responses.
Beven Broun,
Cian O'Sullivan,
Ric Anderson,
Hendrik Visage,
Bruno Saverio Delbono
Nico Wieland
Robert Brockway
Mike Arnold
John T. Douglass
Tim Wort.

I will be looking firstly at "sudo", then "logwatcher"

Thank you all again.
Craig Burtenshaw

Craig Burtenshaw
Unix Systems/Oracle Database Administrator
Information Services

Australian Maritime Safety Authority
PO Box 2181
Canberra City ACT 2601

Lvl 2, 25 Constitution Ave
Canberra City ACT 2601
Ph: (02) 6279 5824	61 2 6279 5824
Fax: (02) 6279 5024	61 2 6279 5024
AMSA Web site:
Friends help you move. Real friends help you move bodies.
that any use or dissemination of this communication is prohibited.
If you receive this transmission in error, please notify us immediately
by telephone on 02-62795000 and delete all copies of this transmission
together with any attachments.
sunmanagers mailing list
Received on Mon Jan 13 17:32:18 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:01 EST