用系统自带的日志系统rsyslog
echo "Defaults logfile=/var/log/sudo.log" >> /etc/sudoers#在visudo 中添加 howhy ALL=(ALL) ALL,!/usr/bin/passwd [a-zA-z]+,!/bin/su -
echo "local2.debug /var/log/sudo.log" >> /etc/rsyslog.conf
或vi /etc/rsyslog.conf
# Save sudo log to sudo.log
local2.debug /var/log/sudo.log
systemctl restart rsyslog
