sulog - su command log file
Each entry in the sulog file is a single line of the form:
SU date time result port user-newuser
The month and date su(8) was executed. date is displayed in the form mm/dd where mm is the month number and dd is the day number in the month.
The time su(8) was executed. time is displayed in the form HH:MM where HH is the hour number (24 hour system) and MM is the minute number. The time zone for this timestamp depends on the TZ variable in the environment used to start su, which may differ from the system time zone or the time zones used by other invocations of the su command.
The result of the su(8) command. A ‘+’ sign is displayed in this field if the su attempt was successful; otherwise a ‘-’ sign is displayed.
The name of the terminal device from which su(8) was executed.
The user id of the user executing the su(8) command.
The user id being switched to with su(8).
The sulog file is maintained for historical usage, but is not recommended for auditing purposes due to its limited content and reliance on the caller's time zone. Instead it is recommended to rely on the system audit.log(5) files, which may be viewed with admhist(8) or praudit(8).
Here is a sample sulog file:
SU 02/25 09:29 + console root-sys SU 02/25 09:32 + pts/3 user1-root SU 03/02 08:03 + pts/5 user1-root SU 03/03 08:19 + pts/5 user1-root SU 03/09 14:24 - pts/5 guest3-root SU 03/09 14:24 - pts/5 guest3-root SU 03/14 08:31 + pts/4 user1-root
See environ(7) for descriptions of the following environment variables that affect the data recorded in sulog: TZ.
Default location of su log file
Sets the location of sulog