20

For server monitoring, we execute couple of commands with password-less sudo every minute. This fills the server logs.

sudo: zabbix : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/foo/bar

Can I prevent these entries? The options NOLOG_INPUT and NOLOG_OUTPUT don't look like what I want.

I don't want to omit sudo's logging completely, only for the one user and the one (or more) command.

Is there a way to achieve this?

StephenKing
  • 36,187
  • 11
  • 83
  • 112

1 Answers1

32

You can disable the logging on a user basis using the Defaults: directive

example (disabled logging for user bla)

Defaults:bla !syslog

or using a Cmnd_Alias to disable it per command(s)

Cmnd_Alias SCRIPT = /usr/local/bin/myscript
Defaults!SCRIPT !syslog
# multiple commands need a comma between them
Cmnd_Alias MORE = /bin/ls, /bin/cat
Defaults!MORE !syslog

Tested on Debian 6.0.6 with sudo version 1.7.4p4 (so rather old ;) )

dwalter
  • 7,258
  • 1
  • 32
  • 34
  • 2
    If someone wants to disable "session opened/closed for user root" messages too, this worked for me: Defaults!SCRIPT !syslog, !pam_session –  Apr 23 '20 at 10:30
  • 5
    Replace `!syslog` with `!log_allowed` to stop logging successful attempts only, still logging denied attemps. – MarcH Jul 04 '21 at 22:26