Simple(?) question... Looking for the best way to log all "sudo su - someuser". Obviously, it already flags sudo root, but I am looking to track all the users who are authorized to sudo to other accounts and when they do it. I could modify the syslog_rules, which worked, but since that is a bad thing to do, I was wondering if someone has the best local_rule format to do this without making changes to syslog_rules.
Thanks ~K
