diff --git a/plugins/sudoers/audit.c b/plugins/sudoers/audit.c
index d5ae4acfc..8f7f5da45 100644
--- a/plugins/sudoers/audit.c
+++ b/plugins/sudoers/audit.c
@@ -51,9 +51,6 @@ char *audit_msg = NULL;
 /* sudoers_audit is declared at the end of this file. */
 extern sudo_dso_public struct audit_plugin sudoers_audit;
 
-/* XXX */
-int iolog_deserialize_info(struct log_details *details, char * const user_info[], char * const command_info[], char * const argv[], char * const user_env[]);
-
 static int
 audit_success(char *const argv[])
 {
@@ -144,14 +141,6 @@ audit_failure(char *const argv[], char const *const fmt, ...)
     debug_return_int(ret);
 }
 
-static struct sudoers_audit_state {
-    char * const *settings;
-    char * const *user_info;
-    int submit_optind;
-    char * const *submit_argv;
-    char * const *submit_envp;
-} sudoers_audit_state;
-
 static int
 sudoers_audit_open(unsigned int version, sudo_conv_t conversation,
     sudo_printf_t plugin_printf, char * const settings[],
@@ -187,13 +176,6 @@ sudoers_audit_open(unsigned int version, sudo_conv_t conversation,
     if (!sudoers_debug_register(plugin_path, &debug_files))
 	debug_return_int(-1);
 
-    /* Stash for later use. */
-    sudoers_audit_state.settings = settings;
-    sudoers_audit_state.user_info = user_info;
-    sudoers_audit_state.submit_argv = submit_argv;
-    sudoers_audit_state.submit_optind = submit_optind;
-    sudoers_audit_state.submit_envp = submit_envp;
-
     /* Call the sudoers init function. */
     info.settings = settings;
     info.user_info = user_info;
@@ -207,6 +189,81 @@ sudoers_audit_open(unsigned int version, sudo_conv_t conversation,
     debug_return_int(ret);
 }
 
+#ifdef SUDOERS_LOG_CLIENT
+static bool
+log_server_accept(char * const run_argv[], char * const run_envp[])
+{
+    struct eventlog *evlog;
+    struct timespec now;
+    bool ret = false;
+    debug_decl(log_server_accept, SUDOERS_DEBUG_PLUGIN);
+
+    /* Only send accept event to log server if I/O log plugin did not. */
+    if (SLIST_EMPTY(&def_log_servers) || def_log_input || def_log_output)
+	debug_return_bool(true);
+
+    if (sudo_gettime_real(&now) == -1) {
+	sudo_warn("%s", U_("unable to get time of day"));
+	goto done;
+    }
+    if ((evlog = malloc(sizeof(*evlog))) == NULL) {
+	sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+	goto done;
+    }
+
+    /* XXX - command and iolog_path from command_info? */
+    sudoers_to_eventlog(evlog, run_argv, run_envp);
+    if (!init_log_details(&audit_details, evlog))
+	goto done;
+
+    /* Open connection to log server, send hello and accept messages. */
+    client_closure = log_server_open(&audit_details, &now, false,
+	SEND_ACCEPT, NULL, sudoers_audit.event_alloc);
+    if (client_closure != NULL)
+	ret = true;
+done:
+    debug_return_bool(ret);
+}
+
+static void
+log_server_exit(int status_type, int status)
+{
+    debug_decl(log_server_exit, SUDOERS_DEBUG_PLUGIN);
+
+    if (client_closure != NULL) {
+	int exit_status = 0, error = 0;
+
+	if (status_type == SUDO_PLUGIN_WAIT_STATUS) {
+	    if (WIFEXITED(status))
+		exit_status = WEXITSTATUS(status);
+	    else
+		exit_status = WTERMSIG(status) | 128;
+	} else {
+	    /* Must be errno. */
+	    error = status;
+	}
+	log_server_close(client_closure, exit_status, error);
+	client_closure = NULL;
+	free(audit_details.evlog);
+	audit_details.evlog = NULL;
+    }
+
+    debug_return;
+}
+#else
+static bool
+log_server_accept(char * const run_argv[], char * const run_envp[])
+{
+    return true;
+}
+
+static void
+log_server_exit(int status_type, int status)
+{
+    return;
+}
+#endif /* SUDOERS_LOG_CLIENT */
+
 static int
 sudoers_audit_accept(const char *plugin_name, unsigned int plugin_type,
     char * const command_info[], char * const run_argv[],
@@ -228,32 +285,8 @@ sudoers_audit_accept(const char *plugin_name, unsigned int plugin_type,
     if (!log_allowed() && !def_ignore_logfile_errors)
 	ret = false;
 
-#ifdef SUDOERS_LOG_CLIENT
-    /* XXX - move to function, maybe log_allowed()? */
-    if (!SLIST_EMPTY(&def_log_servers) && !def_log_input && !def_log_output) {
-	/* Send accept event to log server. */
-	struct timespec now;
-
-	if (sudo_gettime_real(&now) == -1) {
-	    sudo_warn("%s", U_("unable to get time of day"));
-	    goto bad;
-	}
-
-	/* XXX - no longer iolog-specific */
-	/* XXX - returns false if not io logging */
-	if (iolog_deserialize_info(&audit_details, sudoers_audit_state.user_info,
-	    command_info, run_argv, run_envp) == -1) {
-	    goto bad;
-	}
-
-	/* Open connection to log server, send hello and accept messages. */
-	client_closure = log_server_open(&audit_details, &now, false,
-	    SEND_ACCEPT, NULL, sudoers_audit.event_alloc);
-	if (client_closure == NULL)
-bad:
-	    ret = false;
-    }
-#endif
+    if (!log_server_accept(run_argv, run_envp) && !def_ignore_logfile_errors)
+	ret = false;
 
     debug_return_int(ret);
 }
@@ -278,7 +311,7 @@ sudoers_audit_reject(const char *plugin_name, unsigned int plugin_type,
 	    ret = false;
     }
 
-    sudoers_to_eventlog(&evlog);
+    sudoers_to_eventlog(&evlog, NewArgv, env_get());
     if (!eventlog_reject(&evlog, 0, message, NULL, NULL))
 	ret = false;
 
@@ -311,7 +344,7 @@ sudoers_audit_error(const char *plugin_name, unsigned int plugin_type,
 	debug_return_bool(false);
     }
 
-    sudoers_to_eventlog(&evlog);
+    sudoers_to_eventlog(&evlog, NewArgv, env_get());
     if (!eventlog_alert(&evlog, 0, &now, message, NULL))
 	ret = false;
 
@@ -325,27 +358,7 @@ sudoers_audit_error(const char *plugin_name, unsigned int plugin_type,
 void
 sudoers_audit_close(int status_type, int status)
 {
-#ifdef SUDOERS_LOG_CLIENT
-    debug_decl(sudoers_audit_close, SUDOERS_DEBUG_PLUGIN);
-
-    if (client_closure != NULL) {
-	int exit_status = 0, error = 0;
-
-	if (status_type == SUDO_PLUGIN_WAIT_STATUS) {
-	    if (WIFEXITED(status))
-		exit_status = WEXITSTATUS(status);
-	    else
-		exit_status = WTERMSIG(status) | 128;
-	} else {
-	    /* Must be errno. */
-	    error = status;
-	}
-	log_server_close(client_closure, exit_status, error);
-	client_closure = NULL;
-    }
-
-    debug_return;
-#endif
+    log_server_exit(status_type, status);
 }
 
 static int
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 641426ecd..af42d4288 100644
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -88,7 +88,7 @@ oom:
     debug_return_ptr(NULL);
 }
 
-static bool
+bool
 init_log_details(struct log_details *details, struct eventlog *evlog)
 {
     struct sudoers_str_list *log_servers = NULL;
@@ -215,7 +215,7 @@ log_reject(const char *message, bool logit, bool mailit)
 	if (!logit)
 	    SET(evl_flags, EVLOG_MAIL_ONLY);
     }
-    sudoers_to_eventlog(&evlog);
+    sudoers_to_eventlog(&evlog, NewArgv, env_get());
     if (!eventlog_reject(&evlog, evl_flags, message, NULL, NULL))
 	ret = false;
 
@@ -477,7 +477,7 @@ log_allowed(void)
 	/* Log and mail messages should be in the sudoers locale. */
 	sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
 
-	sudoers_to_eventlog(&evlog);
+	sudoers_to_eventlog(&evlog, NewArgv, env_get());
 	if (mailit) {
 	    SET(evl_flags, EVLOG_MAIL);
 	    if (!def_log_allowed)
@@ -555,7 +555,7 @@ vlog_warning(int flags, int errnum, const char *fmt, va_list ap)
 	    if (ISSET(flags, SLOG_NO_LOG))
 		SET(evl_flags, EVLOG_MAIL_ONLY);
 	}
-	sudoers_to_eventlog(&evlog);
+	sudoers_to_eventlog(&evlog, NewArgv, env_get());
 	eventlog_alert(&evlog, evl_flags, &now, message, errstr);
 
 	log_server_alert(&evlog, &now, message, errstr,
@@ -649,7 +649,8 @@ should_mail(int status)
  * The values in the resulting eventlog struct should not be freed.
  */
 void
-sudoers_to_eventlog(struct eventlog *evlog)
+sudoers_to_eventlog(struct eventlog *evlog, char * const argv[],
+    char * const envp[])
 {
     debug_decl(sudoers_to_eventlog, SUDOERS_DEBUG_LOGGING);
 
@@ -676,9 +677,9 @@ sudoers_to_eventlog(struct eventlog *evlog)
     evlog->submituser = user_name;
     /* TODO - submitgroup */
     evlog->ttyname = user_ttypath;
-    evlog->argv = NewArgv;
+    evlog->argv = (char **)argv;
     evlog->env_add = (char **)sudo_user.env_vars;
-    evlog->envp = env_get();
+    evlog->envp = (char **)envp;
     evlog->submit_time = sudo_user.submit_time;
     evlog->lines = sudo_user.lines;
     evlog->columns = sudo_user.cols;
diff --git a/plugins/sudoers/logging.h b/plugins/sudoers/logging.h
index 60d25a802..ec7cb0c5e 100644
--- a/plugins/sudoers/logging.h
+++ b/plugins/sudoers/logging.h
@@ -53,6 +53,7 @@ extern char *audit_msg;
 
 union sudo_defs_val;
 struct sudo_plugin_event;
+struct log_details;
 
 bool sudoers_warn_setlocale(bool restore, int *cookie);
 bool sudoers_setlocale(int locale_type, int *prev_locale);
@@ -70,7 +71,8 @@ bool log_warningx(int flags, const char *fmt, ...) __printflike(2, 3);
 bool gai_log_warning(int flags, int errnum, const char *fmt, ...) __printflike(3, 4);
 bool sudoers_initlocale(const char *ulocale, const char *slocale);
 bool sudoers_locale_callback(const union sudo_defs_val *);
-void sudoers_to_eventlog(struct eventlog *evlog);
+void sudoers_to_eventlog(struct eventlog *evlog, char * const argv[], char *const envp[]);
 void init_eventlog_config(void);
+bool init_log_details(struct log_details *details, struct eventlog *evlog);
 
 #endif /* SUDOERS_LOGGING_H */