Change the default syslog facility from local2 to authpriv (or auth

if the operating system doesn't support authpriv).

doc/TROUBLESHOOTING

@@ -36,12 +36,13 @@ Q) Sudo is setup to log via syslog(3) but I'm not getting any log
    messages.
 A) Make sure you have an entry in your syslog.conf file to save
    the sudo messages (see the sample.syslog.conf file).  The default
-   log facility is local2 (changeable via configure).  Don't forget
-   to send a SIGHUP to your syslogd so that it re-reads its conf file.
-   Also, remember that syslogd does *not* create log files, you need to
-   create the file before syslogd will log to it (ie: touch /var/log/sudo).
-   Note:  the facility ("local2.debug") must be separated from the 
-	  destination ("/var/adm/sudo.log" or "@loghost") by
+   log facility is authpriv (changeable via configure or in sudoers).
+   Don't forget to send a SIGHUP to your syslogd so that it re-reads
+   its conf file.  Also, remember that syslogd does *not* create
+   log files, you need to create the file before syslogd will log
+   to it (ie: touch /var/log/sudo).
+   Note:  the facility (e.g. "auth.debug") must be separated from the 
+	  destination (e.g. "/var/log/auth" or "@loghost") by
 	  tabs, *not* spaces.  This is a common error.
 
 Q) When sudo asks me for my password it never accepts what I enter even

doc/UPGRADE

@@ -29,6 +29,11 @@ o Upgrading from a version prior to 1.7.4:
     use when searching for configuration files.  Adding HOME to env_keep
     may enable a user to run unrestricted commands via sudo.
 
+    The default syslog facility has changed from "local2" or "authpriv"
+    (or "auth" if the operating system doesn't have "authpriv").
+    The --with-logfac configure option can be used to change this
+    or it can be changed in the sudoers file.
+
 o Upgrading from a version prior to 1.7.0:
 
     Starting with sudo 1.7.0, comments in the sudoers file must not

doc/sample.syslog.conf

@@ -1,10 +1,9 @@
 # This is a sample syslog.conf fragment for use with Sudo.
 #
-# Sudo logs to local2 by default, but this is changable via the
-# --with-logfac configure option.  To see what syslog facility
-# a sudo binary uses, run `sudo -V' as *root*.  You may have
-# to check /usr/include/syslog.h to map the facility number to
-# a name.
+# By default, sudo logs to "authpriv" if your system supports it, else it
+# uses "auth".  The facility can be set via the --with-logfac configure
+# option or in the sudoers file.
+# To see what syslog facility a sudo binary uses, run `sudo -V' as *root*.
 #
 # NOTES:
 #	The whitespace in the following line is made up of <TAB>
@@ -17,9 +16,11 @@
 #	create the file before syslogd will log to it.  Eg.
 #	'touch /var/log/sudo'
 
-# This logs successful and failed sudo attempts to the file /var/log/sudo
-local2.debug					/var/log/sudo
+# This logs successful and failed sudo attempts to the file /var/log/auth
+# If your system has the authpriv syslog facility, use authpriv.debug
+auth.debug					/var/log/auth
 
 # To log to a remote machine, use something like the following,
 # where "loghost" is the name of the remote machine.
-local2.debug					@loghost
+# If your system has the authpriv syslog facility, use authpriv.debug
+auth.debug					@loghost

doc/sudoers.cat

@@ -1390,7 +1390,7 @@ SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
 SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
 
 
-                   to disable syslog logging).  Defaults to local2.
+                   to disable syslog logging).  Defaults to auth.
 
        verifypw    This option controls when a password will be required when
                    a user runs ssuuddoo with the --vv option.  It has the following