Access Gateway sudo audit log

Access Gateway audits sudo command usage, logging all events to the sudoers.log.
The sudo log contains audit events for every sudo use.
Sudo audit events can be downloaded and reviewed.
When downloaded, the log can be found in {instance name}/audit/sudoers.log.

Sudoer log fields

Field	Description
Timestamp	Current system date and time Example: Dec 2 13:00:11
Separator	: (colon)
Account	Account of user initiating the command. Example: oag-mgmt
Separator	:
Terminal	Terminal used when running the command. Example: TTY=pts/1
Separator	; (Semi-colon)
Working directory	Working directory when command was executed. Example: PWD=/home/oag-mgmt
Separator	;
User	Same as Account.
Command	Command executed with arguments. Example: COMMAND=/opt/oag/bin/updateCert.sh -f

Example events

Dec  2 13:00:13 : oag-mgmt : TTY=pts/1 ; PWD=/home/oag-mgmt ; USER=root ; COMMAND=/opt/oag/bin/updateCert.sh -f
Dec  2 13:01:02 : root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t
Dec  2 13:02:02 : root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t

Access Gateway sudo audit log

Sudoer log fields

Example events

Related Topics