Access Gateway sudo audit log


Access Gateway audits sudo command usage and logs all events to sudoers.log.
The sudo log contains audit events for every sudo use.
Sudo audit events can be downloaded and reviewed.
When downloaded, the log can be found in {instance name}/audit/sudoers.log.

Sudoer log fields

| Field | Description |
| --- | --- |
| Timestamp | Current system date and time. Example: Dec 2 13:00:11 |
| Separator | : (colon) |
| Account | Account of user initiating the command. Example: oag-mgmt |
| Separator | : |
| Terminal | Terminal used when running the command. Example: TTY=pts/1 |
| Separator | ; (semicolon) |
| Working directory | Working directory when command was executed. Example: PWD=/home/oag-mgmt |
| Separator | ; |
| User | Same as Account. |
| Command | Command executed with arguments. Example: COMMAND=/opt/oag/bin/updateCert.sh -f |

Example events

Dec  2 13:00:13 : oag-mgmt : TTY=pts/1 ; PWD=/home/oag-mgmt ; USER=root ; COMMAND=/opt/oag/bin/updateCert.sh -f
Dec  2 13:01:02 : root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t
Dec  2 13:02:02 : root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t
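
Reviewing a downloaded sudoers.log

The following parser is an added example, not part of the Access Gateway product or its documentation. It splits each event into the fields listed above so a downloaded log can be reviewed per account and per command. The function names are hypothetical, and singling out TTY=unknown events for a second look is an assumption of this example.

```python
import re
from collections import Counter

# Layout from the field table:
# timestamp : account : TTY=... ; PWD=... ; USER=... ; COMMAND=...
EVENT_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}) : "
    r"(?P<account>\S+) : "
    r"TTY=(?P<tty>.*?) ; PWD=(?P<pwd>.*?) ; USER=(?P<user>.*?) ; "
    r"COMMAND=(?P<command>.+)$"
)

# The example events from this page, embedded so the script runs offline.
SAMPLE_LOG = """\
Dec  2 13:00:13 : oag-mgmt : TTY=pts/1 ; PWD=/home/oag-mgmt ; USER=root ; COMMAND=/opt/oag/bin/updateCert.sh -f
Dec  2 13:01:02 : root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t
Dec  2 13:02:02 : root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t
"""

def parse_events(text):
    """Return (events, rejected): parsed dicts and lines that do not fit the layout."""
    events, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = EVENT_RE.match(line)
        if m:
            events.append(m.groupdict())
        else:
            # Keep unparsed lines visible; silently dropping them would hide events.
            rejected.append(line)
    return events, rejected

def no_terminal(events):
    """Events logged with TTY=unknown (no terminal recorded for the command)."""
    return [e for e in events if e["tty"] == "unknown"]

def commands_by_account(events):
    """Count executed binaries (first token of COMMAND) per initiating account."""
    return Counter((e["account"], e["command"].split()[0]) for e in events)

if __name__ == "__main__":
    events, rejected = parse_events(SAMPLE_LOG)
    for (account, binary), n in sorted(commands_by_account(events).items()):
        print(f"{account:10} {binary:35} {n}")
    for e in no_terminal(events):
        print("no terminal:", e["timestamp"], e["account"], e["command"])
    print("unparsed lines:", len(rejected))
```

To run it against a real download, read {instance name}/audit/sudoers.log and pass its contents to parse_events in place of SAMPLE_LOG.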