# This is a sample syslog.conf fragment for use with Sudo.
#
-# Sudo logs to local2 by default, but this is changable via the
-# --with-logfac configure option. To see what syslog facility
-# a sudo binary uses, run `sudo -V' as *root*. You may have
-# to check /usr/include/syslog.h to map the facility number to
-# a name.
+# By default, sudo logs to "authpriv" if your system supports it, else it
+# uses "auth". The facility can be set via the --with-logfac configure
+# option or in the sudoers file.
+# To see what syslog facility a sudo binary uses, run `sudo -V' as *root*.
#
# NOTES:
# The whitespace in the following line is made up of <TAB>
# create the file before syslogd will log to it. Eg.
# 'touch /var/log/sudo'
-# This logs successful and failed sudo attempts to the file /var/log/sudo
-local2.debug /var/log/sudo
+# This logs successful and failed sudo attempts to the file /var/log/auth
+# If your system has the authpriv syslog facility, use authpriv.debug
+auth.debug /var/log/auth
# To log to a remote machine, use something like the following,
# where "loghost" is the name of the remote machine.
-local2.debug @loghost
+# If your system has the authpriv syslog facility, use authpriv.debug
+auth.debug @loghost