
I recently started working on sudo and I am trying to explore and understand the different aspects of sudo logging - I/O and audit.

I'm using the sudo 1.8.22 package on Red Hat Linux 6.7. Does sudo write any logs in binary format? If yes:

  1. which logs are written in binary?
  2. which version of sudo is it?
  3. does this happen only on a specific flavor of Unix OS - RHEL, AIX, Debian?

The sudo I/O logs generated for me on RHEL with sudo 1.8.22 seem to be in ASCII/text format and not binary.

slm
  • 369,824

1 Answer


No, sudo only logs as ASCII.

The only additional things that I'm aware of, with respect to sudo, are the log_input and log_output options, which, when enabled, do nothing more than act as the script command does: they capture the commands passed into sudo and their output and log these as well.

For reference on these see this U&L Q&A titled: How to log commands within a "sudo su -"?.

For additional logging that is likely more what you want, I'd take a look at auditd instead. It can log pretty extensively what's going on with respect to a Linux node.

Alternatives, if you're interested...

In addition to sudo there are alternatives as well - https://www.sudo.ws/other.html - both open source and commercial. I've not mucked with many of these, except for Centrify (commercial), which provides an alternative tool to sudo called dzdo. It has centralized logging and policies etc. which can be managed across a fleet of Linux nodes.

The closest thing I've seen to dzdo that's open source is FreeIPA's centrally managed sudo policies and logging.


slm
  • 369,824
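
To check for yourself whether the files in a sudo I/O log directory are plain ASCII, the sketch below classifies each file by its leading bytes as ASCII, gzip-compressed, empty or other binary. It is an added example, not part of the original question or answer; the session directory and file contents it writes are constructed sample data, and `classify`, `scan_tree` and `build_sample_tree` are hypothetical helper names. Point `scan_tree` at your own I/O log directory to inspect real logs.

```python
import gzip
import os
import tempfile

GZIP_MAGIC = b"\x1f\x8b"
# Printable ASCII plus whitespace and the control bytes a terminal capture
# usually contains (BEL, BS, ESC). Anything else counts as binary.
ASCII_OK = frozenset(range(0x20, 0x7F)) | {0x07, 0x08, 0x09, 0x0A, 0x0D, 0x1B}

def classify(path, sample_size=4096):
    """Return 'empty', 'gzip', 'ascii' or 'binary' for one file."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if not head:
        return "empty"
    if head.startswith(GZIP_MAGIC):
        return "gzip"
    return "ascii" if all(b in ASCII_OK for b in head) else "binary"

def scan_tree(root):
    """Map each file under root (relative path) to its classification."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = classify(full)
    return result

def build_sample_tree(root):
    """Write a constructed session directory; contents are made up for the demo."""
    session = os.path.join(root, "00", "00", "01")
    os.makedirs(session)
    samples = {
        "log": b"1500000000:alice:root::/dev/pts/0\n/home/alice\n/bin/ls -l\n",
        "timing": b"4 0.105 42\n",
        "ttyout": gzip.compress(b"total 0\r\n\x1b[0m"),
        "stdin": b"",
        "blob": b"\x00\x01\x02\xff",
    }
    for name, data in samples.items():
        with open(os.path.join(session, name), "wb") as fh:
            fh.write(data)
    return session

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, kind in sorted(scan_tree(tmp).items()):
            print(f"{kind:7} {rel}")
```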