Access Gateway sudo audit log

Access Gateway audits sudo command usage and logs all events to sudoers.log.
The sudo log contains an audit event for every use of sudo.
Sudo audit events can be downloaded and reviewed.
When downloaded, the log can be found in {instance name}/audit/sudoers.log.

Sudoer log fields

                   Current system date and time. Example: Dec 2 13:00:11
Separator          : (colon)
Account            Account of user initiating the command. Example: oag-mgmt
Separator          :
Terminal           Terminal used when running the command. Example: TTY=pts/1
Separator          ; (semicolon)
Working directory  Working directory when command was executed. Example: PWD=/home/oag-mgmt
Separator          ;
User               Same as Account.
                   Command executed with arguments. Example: COMMAND=/opt/oag/bin/ -f

Example events

Dec  2 13:00:13 : oag-mgmt : TTY=pts/1 ; PWD=/home/oag-mgmt ; USER=root ; COMMAND=/opt/oag/bin/ -f
Dec  2 13:01:02 : root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t
Dec  2 13:02:02 : root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t
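
Parsing example

The following Python sketch is an added example, not part of Access Gateway or its documentation. It splits a downloaded sudoers.log into the fields listed above and summarises events for review. The function names are hypothetical and the regular expression assumes every event follows the single-line layout shown in the example events; lines that do not match are returned separately rather than dropped.

```python
import re
from collections import Counter

# Layout documented above:
# date : account : TTY=... ; PWD=... ; USER=... ; COMMAND=...
EVENT_RE = re.compile(
    r"^(?P<date>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) : (?P<account>\S+) : "
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; USER=(?P<user>\S+) ; "
    r"COMMAND=(?P<command>.*)$"
)

# Sample input: the three example events from this page.
SAMPLE_LOG = """\
Dec  2 13:00:13 : oag-mgmt : TTY=pts/1 ; PWD=/home/oag-mgmt ; USER=root ; COMMAND=/opt/oag/bin/ -f
Dec  2 13:01:02 : root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t
Dec  2 13:02:02 : root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/nginx -t
"""

def parse_event(line):
    """Return a dict of the documented fields, or None if the line does not match."""
    m = EVENT_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def parse_log(text):
    """Parse every non-blank line; keep unparsed lines so a reviewer still sees them."""
    events, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        (events if event else rejected).append(event or line)
    return events, rejected

def review(events):
    """Count events per account and list events whose terminal is recorded as unknown."""
    per_account = Counter(e["account"] for e in events)
    unknown_tty = [e for e in events if e["tty"] == "unknown"]
    return per_account, unknown_tty

if __name__ == "__main__":
    events, rejected = parse_log(SAMPLE_LOG)
    per_account, unknown_tty = review(events)
    print("events per account:", dict(per_account))
    for e in unknown_tty:
        print("unknown terminal:", e["date"], e["account"], e["command"])
    print("unparsed lines:", len(rejected))
```

To review a real download, pass the contents of {instance name}/audit/sudoers.log to parse_log in place of SAMPLE_LOG and inspect the rejected list as well as the parsed events.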