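Listing 1: JSON-Format von sudo
{
  "accept": {
    "server_time": {
      "seconds": 1716370731,
      "nanoseconds": 137298080,
      "iso8601": "20240522093851Z",
      "localtime": "May 22 09:38:51"
    },
    [...]
}

Listing 2: /etc/syslog-ng/conf.d/sudo.conf
# cat sudo.conf
# Reads sudo's JSON event log, turns every record into name-value pairs and
# writes two derived logs: a WELF (key=value) version and a one-line summary.

# Raw input. flags(no-parse) turns off syslog header parsing, so the complete
# line ends up in ${MESSAGE} for the JSON parser below.
# NOTE(review): json-parser() needs one complete JSON object per line; confirm
# that sudo writes its JSON records in a single-line form on this system.
source s_sudojson {
    file("/var/log/sudo" flags(no-parse));
};

# Parses ${MESSAGE} as JSON. No prefix is set, so the fields keep the names
# used in Listing 1 (accept.server_time.seconds, accept.submituser, ...).
parser p_json {
    json-parser();
};

destination d_sudo-welf {
    # Structured copy: all name-value pairs, without the raw JSON line and
    # without accept.submitenv, which keeps the submitting user's environment
    # (it can hold tokens or passwords) out of the derived log.
    # The target must not be the file s_sudojson reads: writing back into
    # /var/log/sudo would mix WELF lines into sudo's own JSON log and feed
    # them to the parser again.
    file("/var/log/sudo-welf"
        template("$(format-welf --scope nv_pairs --exclude MESSAGE --exclude accept.submitenv)\n\n")
    );
    # Human-readable summary: date, submitting user, command and host only.
    # Every other field of the event is dropped here, so the structured log
    # stays the record to consult during an investigation.
    file("/var/log/sudo-text"
        template("${DATE} user ${accept.submituser} ran ${accept.command} on host ${HOST} using sudo\n")
    );
};

# The destination name has to match the declaration above (d_sudo-welf);
# a reference to an undefined destination makes syslog-ng reject the
# configuration at startup.
log {
    source(s_sudojson);
    parser(p_json);
    destination(d_sudo-welf);
};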