Hi all,

i have read in a book that the sudo utility logs all commands it executes. this log can be useful for retracing your steps if you make a mistake
and for system auditing- what is the name of this log file ?

NB:- i use ubuntu 8.04

/var/log/sudo.log

I tried as follows

sudo cat /var/log/sudo.log
cat: /var/log/sudo.log: No such file or directory

Try to examine your config file as root:
$grep logfile /etc/sudoers
It may show different log file location.

I suppose, you have run sudo command recently?

Run a command under sudo, then

ls -lrt /var/log

and see what's just been updated (this lists files with most recently changed at the bottom).

but still it is not giving me the history/log file for sudo commands i have given

Are you sure?

What's the output of

sudo ls -lrt | tail -5

?

this is what i have tried:-

user@ubuntu:~$ sudo nautilus
[sudo] password for user:
Initializing nautilus-share extension
seahorse nautilus module initialized
Initializing nautilus-open-terminal extension

** (nautilus:9439): WARNING **: Unable to add monitor: Operation not supported
Shutting down nautilus-open-terminal extension
seahorse nautilus module shutdown


user@ubuntu:~$ sudo ls -lrt | tail -5
drwxr-xr-x 3 user user 4096 2008-10-08 11:44 rubyfiles
-rw-r--r-- 1 user user 15 2008-10-08 17:52 a.txt
-rw-r--r-- 1 user user 15 2008-10-08 17:53 b.txt
drwxr-xr-x 2 user user 4096 2008-10-10 15:34 Pictures
drwxr-xr-x 10 user user 4096 2008-10-11 11:48 Desktop

Sorry - missed a critical bit. Try

sudo ls -lrt /var/log | tail -5

instead (note using sudo to run the command should update the log, so no need to run a prior sudo)

i tried this

user@ubuntu:~$ sudo ls -lrt /var/log | tail -5
[sudo] password for user:
-rw-rw-r-- 1 root utmp 96000 2008-10-11 10:10 wtmp
-rw-r--r-- 1 root root 45069 2008-10-11 12:11 Xorg.0.log
-rw-r----- 1 syslog adm 771 2008-10-11 12:34 syslog
-rw-r----- 1 syslog adm 74946 2008-10-11 12:34 messages
-rw-r----- 1 syslog adm 14367 2008-10-11 12:37 auth.log

And does

sudo tail /var/log/auth.log

show anything useful?

i definitely does , but then sudo tail /var/log/auth.log
should be rather sudo cat /var/log/auth.log

Depends what you are trying to do. If you just want a list of sudo stuff, try

sudo grep sudo /var/log/auth.log

If you want to log everything done while using the sudo command, add the following to your sudoers file:

Defaults log_host, log_year
Defaults log_input, log_output, logfile="/var/log/sudo.log"


This will create both a /var/log/sudo.log file, but also a directory sudo-io. In that directory structure will be all of the commands run during a particular sudo session.
Some of the files in that directory structure are gzip compressed, so you will need zcat to read them.

Good advice...but please pay attention to the threads you're posting in. This one had been closed for TEN YEARS now.