Access Gateway sudo audit log
Access Gateway audits sudo command usage by logging all events to the sudoers.log.
The sudo log contains audit events for every sudo use. Sudo audit events can be downloaded and reviewed. The log is downloaded to {instance name}/audit/sudoers.log.
Sudoer log fields
Field | Description |
---|---|
Timestamp | Current system date and time (for example, Dec 2 13:00:11). |
Separator | : (colon) |
Account | The account of the user initiating the command (for example, oag-mgmt). |
Separator | : |
Terminal | Terminal used when running the command (for example, TTY=pts/1). |
Separator | ; (semicolon) |
Working directory | Working directory when the command was executed (for example, PWD=/home/oag-mgmt). |
Separator | ; |
User | Same as Account. |
Command | Command executed with arguments (for example, COMMAND=/opt/oag/bin/updateCert.sh -f). |
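
The field layout above can be parsed for review once sudoers.log has been downloaded. The following is an added example, not code from Access Gateway or its documentation. The sample lines are constructed from the example values in the table, and treating /opt/oag/bin/ as the expected command directory is an assumption made for illustration.

```python
import posixpath
import re

# Field order follows the table: timestamp : account : TTY ; PWD ; USER ; COMMAND.
# COMMAND runs to end of line because its arguments may themselves contain ':' or ';'.
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+:\s+"
    r"(?P<account>\S+)\s+:\s+"
    r"TTY=(?P<tty>\S+)\s+;\s+"
    r"PWD=(?P<pwd>.*?)\s+;\s+"
    r"USER=(?P<user>\S+)\s+;\s+"
    r"COMMAND=(?P<command>.*)$"
)

def parse_sudoers_log(text):
    """Return (events, rejects): parsed dicts, and (line_no, raw) for unparsed lines."""
    events, rejects = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue
        m = LINE_RE.match(raw.strip())
        if m:
            events.append(m.groupdict())
        else:
            rejects.append((line_no, raw))  # keep, so gaps in the audit trail are visible
    return events, rejects

def commands_outside(events, allowed_prefix):
    """Events whose executable, after resolving '..' segments, is not under allowed_prefix."""
    flagged = []
    for ev in events:
        executable = posixpath.normpath(ev["command"].split(" ", 1)[0])
        if not executable.startswith(allowed_prefix):
            flagged.append(ev)
    return flagged

# Constructed sample lines (not from a real appliance), built from the table's example values.
SAMPLE = """\
Dec  2 13:00:11 : oag-mgmt : TTY=pts/1 ; PWD=/home/oag-mgmt ; USER=oag-mgmt ; COMMAND=/opt/oag/bin/updateCert.sh -f
Dec  2 13:04:52 : oag-mgmt : TTY=pts/1 ; PWD=/tmp ; USER=oag-mgmt ; COMMAND=/bin/sh -c echo a ; echo b
this line is truncated or foreign
"""

if __name__ == "__main__":
    events, rejects = parse_sudoers_log(SAMPLE)
    for ev in commands_outside(events, "/opt/oag/bin/"):
        print("review:", ev["timestamp"], ev["account"], ev["command"])
    for line_no, raw in rejects:
        print("unparsed line", line_no, repr(raw))
```

Lines that do not match the layout are returned rather than dropped, so a truncated or altered entry shows up in review instead of disappearing from the count.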