Track sudo userids

I am trying to see if there is a way to tell what user used sudo to do work on the server. I need to know if there is a log file that has the userid of the person who invoked sudo to make changes in the system.

Thanks
hsdoctorAsked:
Who is Participating?
 
joolsConnect With a Mentor Commented:
this is usually logged in /var/log/messages or perhaps /var/log/secure, depends on your distro.
0
 
simon3270Connect With a Mentor Commented:
or /var/log/auth.log (Ubuntu, Arch etc))
0
 
Jan SpringerConnect With a Mentor Commented:
You can also define the name of the file to which you wish to log transactions in /etc/sudoers.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.