Where are unauthorized sudo attempts reported to?
It is reported in that file in ubuntu. It quite easy to change that. Just add this line in your /etc/sudoers
file. Use sudo visudo
to edit the file.
Defaults logfile=/var/log/sudo.log
You can change the file name to whatever you think is appropriate.
It is also sent by e-mail to root. If you want to have it sent to your user account instead, you can set an alias in /etc/aliases
. In addition, if your system is configured properly to send e-mail to the outside world, you can alias it to any e-mail address. (To read e-mail sent to your local account, you can use, e.g., mutt
.)