
Logging sudo activity as JSON

2021-01-22

There are new options for sudo: Logging as JSON! This may come in particularly handy when forwarding logs towards ELK, Splunk, or whatever. All that's required is adding Defaults log_format=json via sudo visudo or sudo visudo -f /etc/sudoers.d/json.

(Maybe) even better: Sudo supports a new method for remote logging with Defaults log_servers=192.0.2.8, which I need to look into.
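
With log_format=json set, the events can be parsed before or after they reach the log pipeline. The following is an added example, not part of the original post: a small triage parser that pulls sudo JSON events out of syslog-style lines and keeps truncated records visible. The field names (submituser, runuser, command, runargv, reason), the event types and the sample lines are assumptions constructed for illustration; check them against the output of your own sudo version.

```python
import json

# Constructed sample lines, not real logs. The layout (one object under "sudo",
# keyed by event type, with fields such as submituser, runuser, command and
# reason) is an assumption; compare it with what your sudo version emits.
SAMPLE_LINES = [
    'Jan 22 10:00:01 host1 sudo: {"sudo":{"accept":{"submituser":"alice",'
    '"runuser":"root","command":"/usr/bin/ls","runargv":["ls","/root"]}}}',
    'Jan 22 10:00:07 host1 sudo: {"sudo":{"reject":{"submituser":"bob",'
    '"runuser":"root","command":"/bin/bash","reason":"command not allowed"}}}',
    # Cut-off record, e.g. a long event truncated by the syslog transport.
    'Jan 22 10:00:09 host1 sudo: {"sudo":{"accept":{"submituser":"carol","runenv":["PA',
    'Jan 22 10:00:11 host1 sshd[411]: Accepted publickey for alice',
]


def parse_sudo_event(line):
    """Return a flat dict for a sudo JSON event, or None for unrelated lines."""
    start = line.find("{")
    if start == -1 or '"sudo"' not in line:
        return None
    try:
        # Slice off the syslog prefix; raw_decode tolerates trailing text.
        obj, _ = json.JSONDecoder().raw_decode(line[start:])
        (event, fields), = obj["sudo"].items()
        return {
            "event": event,
            "user": fields.get("submituser"),
            "runas": fields.get("runuser"),
            "command": fields.get("command"),
            "argv": fields.get("runargv", []),
            "reason": fields.get("reason"),
        }
    except (ValueError, KeyError, TypeError, AttributeError):
        # Keep malformed or truncated events visible instead of dropping them.
        return {"event": "unparsed", "raw": line}


def triage(lines):
    """Return every sudo event that was not a plain 'accept'."""
    events = (parse_sudo_event(line) for line in lines)
    return [e for e in events if e and e["event"] != "accept"]


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(e)
```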