Skip to main content

Sudo Logs

Unix SudoLogs are the log files associated with sudo execution. Sudo ("super user do" or "substitute user") is used to run programs with elevated privileges.

Linux SudoLogs are stored in the Systemd Journal files.
The log entries show evidence of commands executed with elevated privileges

Other Parsers:

  • None

References:

  • N/A

TOML Collection

system = "linux"

[output]
name = "sudologs_collection"
directory = "./tmp"
format = "json"
compress = false
endpoint_id = "abdc"
collection_id = 1
output = "local"

[[artifacts]]
artifact_name = "sudologs-linux"
[artifacts.sudologs_linux]
# Optional
# alt_path = ""

Collection Options

  • alt_path Path to a directory containing Journal files. This configuration is optional

Output Structure

An array of Journal entries containing sudo activity