diff --git a/doc/sudo_logsrvd.conf.man.in b/doc/sudo_logsrvd.conf.man.in index fcd4aa7f3..807864514 100644 --- a/doc/sudo_logsrvd.conf.man.in +++ b/doc/sudo_logsrvd.conf.man.in @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "June 13, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "July 9, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -168,6 +168,7 @@ will enable the TCP keepalive socket option on the client connection. This enables the periodic transmission of keepalive messages to the client. If the client does not respond to a message in time, the connection will be closed. +Defaults to true. .TP 10n timeout = number The amount of time, in seconds, @@ -618,6 +619,12 @@ and The default value is \fIsyslog\fR. .TP 6n +log_exit = boolean +If true, +\fBsudo_logsrvd\fR +will log an event when a command exits or is terminated by a signal. +Defaults to false. +.TP 6n log_format = string The event log format. Supported log formats are @@ -625,7 +632,7 @@ Supported log formats are for traditional sudo-style logs and \(lqjson\(rq for JSON-format logs. -The JSON log entries contain the full contents of the accept, reject +The JSON log entries contain the full contents of the accept, reject, exit and alert messages. The default value is \fIsudo\fR. @@ -788,6 +795,7 @@ Sudo log server configuration file #server_log = syslog # If true, enable the SO_KEEPALIVE socket option on client connections. +# Defaults to true. #tcp_keepalive = true # The amount of time, in seconds, the server will wait for the client to 
@@ -859,6 +867,7 @@ Sudo log server configuration file #store_first = true # If true, enable the SO_KEEPALIVE socket option on relay connections. +# Defaults to true. #tcp_keepalive = true # The amount of time, in seconds, the server will wait for the relay to @@ -945,11 +954,15 @@ Sudo log server configuration file #maxseq = 2176782336 [eventlog] -# Where to log accept, reject and alert events. +# Where to log accept, reject, exit and alert events. # Accepted values are syslog, logfile, or none. # Defaults to syslog #log_type = syslog +# Whether to log an event when a command exits or is terminated by a signal. +# Defaults to false +#log_exit = true + # Event log format. # Currently only sudo-style event logs are supported. #log_format = sudo diff --git a/doc/sudo_logsrvd.conf.mdoc.in b/doc/sudo_logsrvd.conf.mdoc.in index c8254ac1d..7deab6ec8 100644 --- a/doc/sudo_logsrvd.conf.mdoc.in +++ b/doc/sudo_logsrvd.conf.mdoc.in @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd June 13, 2021 +.Dd July 9, 2021 .Dt SUDO_LOGSRVD.CONF @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -152,6 +152,7 @@ will enable the TCP keepalive socket option on the client connection. This enables the periodic transmission of keepalive messages to the client. If the client does not respond to a message in time, the connection will be closed. +Defaults to true. .It timeout = number The amount of time, in seconds, .Nm sudo_logsrvd @@ -550,6 +551,11 @@ and .Em none . The default value is .Em syslog . +.It log_exit = boolean +If true, +.Nm sudo_logsrvd +will log an event when a command exits or is terminated by a signal. +Defaults to false. .It log_format = string The event log format. Supported log formats are 
@@ -557,7 +563,7 @@ Supported log formats are for traditional sudo-style logs and .Dq json for JSON-format logs. -The JSON log entries contain the full contents of the accept, reject +The JSON log entries contain the full contents of the accept, reject, exit and alert messages. The default value is .Em sudo . @@ -717,6 +723,7 @@ Sudo log server configuration file #server_log = syslog # If true, enable the SO_KEEPALIVE socket option on client connections. +# Defaults to true. #tcp_keepalive = true # The amount of time, in seconds, the server will wait for the client to @@ -788,6 +795,7 @@ Sudo log server configuration file #store_first = true # If true, enable the SO_KEEPALIVE socket option on relay connections. +# Defaults to true. #tcp_keepalive = true # The amount of time, in seconds, the server will wait for the relay to @@ -874,11 +882,15 @@ Sudo log server configuration file #maxseq = 2176782336 [eventlog] -# Where to log accept, reject and alert events. +# Where to log accept, reject, exit and alert events. # Accepted values are syslog, logfile, or none. # Defaults to syslog #log_type = syslog +# Whether to log an event when a command exits or is terminated by a signal. +# Defaults to false +#log_exit = true + # Event log format. # Currently only sudo-style event logs are supported. #log_format = sudo diff --git a/examples/sudo_logsrvd.conf b/examples/sudo_logsrvd.conf index 2d42a6ab9..675f1f17c 100644 --- a/examples/sudo_logsrvd.conf +++ b/examples/sudo_logsrvd.conf @@ -28,6 +28,7 @@ #server_log = syslog # If true, enable the SO_KEEPALIVE socket option on client connections. +# Defaults to true. #tcp_keepalive = true # The amount of time, in seconds, the server will wait for the client to @@ -99,6 +100,7 @@ #store_first = true # If true, enable the SO_KEEPALIVE socket option on relay connections. +# Defaults to true. #tcp_keepalive = true # The amount of time, in seconds, the server will wait for the relay to 
@@ -185,11 +187,15 @@ #maxseq = 2176782336 [eventlog] -# Where to log accept, reject and alert events. +# Where to log accept, reject, exit and alert events. # Accepted values are syslog, logfile, or none. # Defaults to syslog #log_type = syslog +# Whether to log an event when a command exits or is terminated by a signal. +# Defaults to false +#log_exit = true + # Event log format. # Supported log formats are "sudo" and "json" # Defaults to sudo diff --git a/logsrvd/logsrvd.h b/logsrvd/logsrvd.h index c27f4d0d3..95663df69 100644 --- a/logsrvd/logsrvd.h +++ b/logsrvd/logsrvd.h @@ -219,6 +219,7 @@ SSL_CTX *logsrvd_server_tls_ctx(void); bool logsrvd_conf_relay_tls_check_peer(void); SSL_CTX *logsrvd_relay_tls_ctx(void); #endif +bool logsrvd_conf_log_exit(void); mode_t logsrvd_conf_iolog_mode(void); void address_list_addref(struct server_address_list *); void address_list_delref(struct server_address_list *); diff --git a/logsrvd/logsrvd_conf.c b/logsrvd/logsrvd_conf.c index 46bb4b140..3f8a2519a 100644 --- a/logsrvd/logsrvd_conf.c +++ b/logsrvd/logsrvd_conf.c @@ -158,6 +158,7 @@ static struct logsrvd_config { } iolog; struct logsrvd_config_eventlog { int log_type; + bool log_exit; enum eventlog_format log_format; } eventlog; struct logsrvd_config_syslog { @@ -177,6 +178,13 @@ static struct logsrvd_config { static bool logsrvd_warn_enable_stderr = true; +/* eventlog getters */ +bool +logsrvd_conf_log_exit(void) +{ + return logsrvd_config->eventlog.log_exit; +} + /* iolog getters */ mode_t logsrvd_conf_iolog_mode(void) 
@@ -829,6 +837,19 @@ cb_eventlog_format(struct logsrvd_config *config, const char *str, size_t offset debug_return_bool(true); } +static bool +cb_eventlog_exit(struct logsrvd_config *config, const char *str, size_t offset) +{ + int val; + debug_decl(cb_eventlog_exit, SUDO_DEBUG_UTIL); + + if ((val = sudo_strtobool(str)) == -1) + debug_return_bool(false); + + config->eventlog.log_exit = val; + debug_return_bool(true); +} + /* syslog callbacks */ static bool cb_syslog_maxlen(struct logsrvd_config *config, const char *str, size_t offset) @@ -1044,6 +1065,7 @@ static struct logsrvd_config_entry iolog_conf_entries[] = { static struct logsrvd_config_entry eventlog_conf_entries[] = { { "log_type", cb_eventlog_type }, { "log_format", cb_eventlog_format }, + { "log_exit", cb_eventlog_exit }, { NULL } }; @@ -1543,6 +1565,7 @@ logsrvd_conf_alloc(void) /* Event log defaults */ config->eventlog.log_type = EVLOG_SYSLOG; config->eventlog.log_format = EVLOG_SUDO; + config->eventlog.log_exit = false; /* Syslog defaults */ config->syslog.maxlen = 960; diff --git a/logsrvd/logsrvd_local.c b/logsrvd/logsrvd_local.c index 05a0783f1..779c396dd 100644 --- a/logsrvd/logsrvd_local.c +++ b/logsrvd/logsrvd_local.c @@ -210,11 +210,14 @@ bool store_exit_local(ExitMessage *msg, uint8_t *buf, size_t len, struct connection_closure *closure) { + const char *signame = NULL; + struct timespec run_time = { msg->run_time->tv_sec, msg->run_time->tv_nsec }; + int flags = 0; mode_t mode; debug_decl(store_exit_local, SUDO_DEBUG_UTIL); - /* Sudo I/O logs don't store this info. */ if (msg->signal != NULL && msg->signal[0] != '\0') { + signame = msg->signal; sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "command was killed by SIG%s%s", msg->signal, msg->dumped_core ? " (core dumped)" : ""); 
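Review bot: The new initializer `struct timespec run_time = { msg->run_time->tv_sec, msg->run_time->tv_nsec };` at the top of store_exit_local() dereferences `msg->run_time` unconditionally, and nothing in the hunk checks it first. `msg` is the ExitMessage received from the client. If `run_time` is an optional sub-message pointer, as the `->` access suggests, a client that omits it would make the log server dereference NULL. Whether a caller validates the field beforehand is not visible here. I would zero-initialize `run_time` and copy the fields only when the pointer is non-NULL, as in the excerpt below. The function body continues past this hunk, where `run_time` is handed to eventlog_exit().

```c
    const char *signame = NULL;
    struct timespec run_time = { 0, 0 };
    /* … unchanged: flags, mode, debug_decl … */

    /* Only read run_time if the client actually supplied it. */
    if (msg->run_time != NULL) {
        run_time.tv_sec = msg->run_time->tv_sec;
        run_time.tv_nsec = msg->run_time->tv_nsec;
    }
    /* … unchanged: signal / exit_value debug logging … */
```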
@@ -222,6 +225,13 @@ store_exit_local(ExitMessage *msg, uint8_t *buf, size_t len, sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "command exited with %d", msg->exit_value); } + if (logsrvd_conf_log_exit()) { + if (!eventlog_exit(closure->evlog, flags, &run_time, msg->exit_value, + signame, msg->dumped_core, NULL, NULL)) { + closure->errstr = _("error logging exit event"); + debug_return_bool(false); + } + } if (closure->log_io) { /* Clear write bits from I/O timing file to indicate completion. */