sudo will normally only log the command it explicitly runs. If a user runs a command such as sudo su or sudo sh, subsequent commands run from that shell are not subject to sudo’s security policy. The same is true for commands that offer shell escapes (including most editors). If I/O logging is enabled, subsequent commands will have their input and/or output logged, but there will not be traditional logs for those commands.

1. Edit /etc/sudoers file by using command: visudo and add the entry below:

# visudo
Defaults log_output
Defaults log_input
Defaults iolog_dir=/backup/SUDO_IO_LOG

For example,

# cat /etc/sudoers
...
# add log
Defaults log_output
Defaults log_input
Defaults iolog_dir=/backup/SUDO_IO_LOG

2. log location

# pwd
/backup/SUDO_IO_LOG
# ls
00 seq