Access Gateway sudo audit log
Access Gateway audits sudo command usage and logs all events to sudoers.log.
The sudo log contains audit events for every sudo use.
Sudo audit events can be downloaded and reviewed.
When downloaded, the log can be found in {instance name}/audit/sudoers.log.
Sudoer log fields
Field | Description |
---|---|
Timestamp | Current system date and time |
Separator | : (colon) |
Account | Account of user initiating the command. Example: oag-mgmt |
Separator | : |
Terminal | Terminal used when running the command. Example: TTY=pts/1 |
Separator | ; (semicolon) |
Working directory | Working directory when command was executed. Example: PWD=/home/oag-mgmt |
Separator | ; |
User | Same as Account. |
Command | Command executed with arguments. |
Example events
Dec 2 13:00:13 : oag-mgmt : TTY=pts/1 ; PWD=/home/oag-mgmt ; USER=root ; COMMAND=/opt/oag/bin/updateCert.sh -f
Dec 2 13:01:02 : root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t
Dec 2 13:02:02 : root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t
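
When reviewing a downloaded sudoers.log, the field layout above can be parsed directly. The following is an added example, not part of the product or its documentation: the function names, the flag labels and the two triage rules (no terminal attached, account differs from the USER= value) are assumptions chosen for illustration.

```python
import re

# Layout from the field table: timestamp : account : TTY ; PWD ; USER ; COMMAND
EVENT_RE = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}) : "
    r"(?P<account>\S+) : "
    r"TTY=(?P<tty>\S+) ; "
    r"PWD=(?P<pwd>.*?) ; "
    r"USER=(?P<user>\S+) ; "
    r"COMMAND=(?P<command>.*)$"  # last field, so it may itself contain ';' or ':'
)

def parse_event(line):
    """Return one event's fields as a dict, or None if the line is malformed."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None

def review_flags(event):
    """Hypothetical triage rules (assumptions, not product behaviour)."""
    flags = []
    if event["tty"] == "unknown":
        flags.append("no-tty")             # no terminal was attached
    if event["account"] != event["user"]:
        flags.append("ran-as-other-user")  # account and USER= value differ
    return flags

def review_log(lines):
    """Return (flagged events, lines that did not parse)."""
    flagged, rejected = [], []
    for line in lines:
        if not line.strip():
            continue
        event = parse_event(line)
        if event is None:
            rejected.append(line)  # keep unparseable lines visible for review
            continue
        flags = review_flags(event)
        if flags:
            flagged.append((event, flags))
    return flagged, rejected

# The three example events from this page, plus one constructed malformed line.
SAMPLE = [
    "Dec 2 13:00:13 : oag-mgmt : TTY=pts/1 ; PWD=/home/oag-mgmt ; USER=root ; COMMAND=/opt/oag/bin/updateCert.sh -f",
    "Dec 2 13:01:02 : root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t",
    "Dec 2 13:02:02 : root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t",
    "Dec 2 13:03:00 : constructed line with missing fields",
]

if __name__ == "__main__":
    for event, flags in review_log(SAMPLE)[0]:
        print(event["timestamp"], event["account"], flags, event["command"])
```

Lines that fail to parse are returned separately rather than dropped, so a truncated or altered entry still reaches the reviewer.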