[ossec-list] Best way to alert all "sudo su"

2011-10-25 Thread Kat
Simple(?) question... Looking for the best way to log all "sudo su - someuser". Obviously, it already flags sudo root, but I am looking to track all the users who are authorized to sudo to other accounts and when they do it. I could modify the syslog_rules - which worked, but since that is a bad t

Re: [ossec-list] Best way to alert all "sudo su"

2011-10-25 Thread Jeremy Lee
Maybe copy the rule you modified to local_rules and use "overwrite=yes" so you're not actually modifying the syslog_rules file? But remember to keep the match for "root" user in there and just extend the list to whatever user(s) you want. I'm not sure what changes you made to get it to work, but p
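Added example, not part of the thread above and not OSSEC's own rule code: since the posts do not quote the rule that was modified, this models the detection logic in Python over constructed sudo syslog lines instead of guessing at syslog_rules.xml rule IDs. The point it demonstrates is that "sudo su - someuser" is logged by sudo with USER=root (su itself runs as root) and the account being switched to only appears inside the COMMAND= field, so a rule that keys on the USER field alone will report every "sudo su" as a switch to root; "sudo -u someuser cmd", by contrast, does put the target in USER=. The log lines, host names and account names are made up for the example.

```python
"""Parse sudo syslog lines and flag account switches (sudo su / sudo -u).

Example code added to the thread; the log lines below are constructed, not
real captures, and the alert text is this example's own format.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# sudo's default syslog line (after the syslog prefix):
#   sudo: <invoker> : TTY=<tty> ; PWD=<cwd> ; USER=<target> ; COMMAND=<cmd>
SUDO_RE = re.compile(
    r"sudo:\s+(?P<invoker>\S+)\s+:\s+TTY=(?P<tty>\S+)\s+;\s+PWD=(?P<pwd>\S+)\s+;"
    r"\s+USER=(?P<target>\S+)\s+;\s+COMMAND=(?P<command>.*)$"
)

# COMMAND= value that is an su invocation, with optional arguments.
SU_RE = re.compile(r"^(?:/usr/bin/|/bin/)?su(?:\s+(?P<args>.*))?$")


@dataclass
class SudoEvent:
    invoker: str              # account that ran sudo
    sudo_target: str          # USER= field: the account sudo switched to
    command: str              # COMMAND= field as logged
    su_target: Optional[str]  # account su switches to, if the command is su


def su_target_of(command: str) -> Optional[str]:
    """Return the account an su command switches to, or None if not su."""
    m = SU_RE.match(command.strip())
    if not m:
        return None
    args = (m.group("args") or "").split()
    i = 0
    while i < len(args):
        a = args[i]
        if a in ("-c", "--command", "-s", "--shell", "-g", "--group"):
            i += 2          # option that consumes a value
            continue
        if a.startswith("-"):
            i += 1          # "-", "-l", "-p", "--login", ...
            continue
        return a            # first positional argument is the target account
    return "root"           # su with no account argument defaults to root


def parse_sudo_line(line: str) -> Optional[SudoEvent]:
    """Parse one syslog line; None if it is not a sudo command record."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    cmd = m.group("command").strip()
    return SudoEvent(m.group("invoker"), m.group("target"), cmd, su_target_of(cmd))


def effective_target(ev: SudoEvent) -> str:
    """The account the invoker really ends up as: su's target beats USER=."""
    return ev.su_target if ev.su_target is not None else ev.sudo_target


def alert_for(line: str) -> Optional[str]:
    """Alert text for an account switch, None for lines to leave alone.

    Plain "sudo <cmd>" as root is skipped here because the stock sudo-to-root
    rule already reports it; every su (root included) and every sudo -u to a
    non-root account is reported with the real target named.
    """
    ev = parse_sudo_line(line)
    if ev is None:
        return None
    target = effective_target(ev)
    if ev.su_target is None and target == "root":
        return None
    how = "sudo su" if ev.su_target is not None else "sudo -u"
    return f"{ev.invoker} switched to {target} via {how}: {ev.command}"


def scan(lines: List[str]) -> List[str]:
    """Run alert_for over a batch of log lines and keep the hits."""
    return [a for a in (alert_for(l) for l in lines) if a is not None]


# Constructed sample log; the padding after "sudo:" mirrors real sudo output.
SAMPLE_LOG = [
    "Oct 25 09:12:01 web1 sudo:      kat : TTY=pts/0 ; PWD=/home/kat ; USER=root ; COMMAND=/bin/su - someuser",
    "Oct 25 09:13:10 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt-get update",
    "Oct 25 09:14:22 web1 sudo:    alice : TTY=pts/2 ; PWD=/srv ; USER=postgres ; COMMAND=/usr/bin/psql",
    "Oct 25 09:15:05 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su",
    "Oct 25 09:20:00 web1 sshd[4242]: Accepted publickey for kat from 10.0.0.5 port 51022 ssh2",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Whatever rule ends up in local_rules.xml, the regex it uses has to look at the COMMAND= field to name the su target; otherwise a list of watched accounts in the USER= match only catches the "sudo -u someuser" form, never "sudo su - someuser".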