111 Feb 13 12:48:25 wenguang sudo: pam_unix(sudo:session): session closed for user root
112 Feb 13 12:48:27 wenguang sudo: wenguang : TTY=pts/4 ; PWD=/home/wenguang ; USER=root ; COMMAND=/bin/rm -r /usr/lib/php/
113 Feb 13 12:48:27 wenguang sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
114 Feb 13 12:48:27 wenguang sudo: pam_unix(sudo:session): session closed for user root
115 Feb 13 12:51:12 wenguang sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
116 Feb 13 12:51:13 wenguang sudo: pam_unix(sudo:session): session closed for user root
117 Feb 13 12:55:34 wenguang sudo: wenguang : TTY=pts/4 ; PWD=/home/wenguang ; USER=root ; COMMAND=/usr/bin/vim /var/log/auth.log
118 Feb 13 12:55:34 wenguang sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
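The above is my auth.log.
ssh, sudo and so on are no longer being logged, but the logging services such as syslog, sshd and so on are running normally.
There is also another problem: after I restart these services, logging only works normally for a while and then stops again, which is a baffling problem.
The rsyslog settings are also normal.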