diff --git a/plugins/sudoers/audit.c b/plugins/sudoers/audit.c
index 3e05d4140..4981f57b5 100644
--- a/plugins/sudoers/audit.c
+++ b/plugins/sudoers/audit.c
@@ -93,20 +93,17 @@ audit_failure_int(char *const argv[], const char *message)
 }
 
 int
-audit_failure(char *const argv[], char const *const fmt, ...)
+vaudit_failure(char *const argv[], char const *const fmt, va_list ap)
 {
     int oldlocale, ret;
     char *message;
-    va_list ap;
-    debug_decl(audit_failure, SUDOERS_DEBUG_AUDIT);
+    debug_decl(vaudit_failure, SUDOERS_DEBUG_AUDIT);
 
     /* Audit messages should be in the sudoers locale. */
     sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
 
-    va_start(ap, fmt);
     if ((ret = vasprintf(&message, _(fmt), ap)) == -1)
 	sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
-    va_end(ap);
 
     if (ret != -1) {
 	/* Set audit_msg for audit plugins.  */
@@ -121,6 +118,20 @@ audit_failure(char *const argv[], char const *const fmt, ...)
     debug_return_int(ret);
 }
 
+int
+audit_failure(char *const argv[], char const *const fmt, ...)
+{
+    va_list ap;
+    int ret;
+    debug_decl(audit_failure, SUDOERS_DEBUG_AUDIT);
+
+    va_start(ap, fmt);
+    ret = vaudit_failure(argv, fmt, ap);
+    va_end(ap);
+
+    debug_return_int(ret);
+}
+
 static int
 sudoers_audit_open(unsigned int version, sudo_conv_t conversation,
     sudo_printf_t plugin_printf, char * const settings[],
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 0230984c9..a03872d0e 100644
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -502,6 +502,13 @@ vlog_warning(int flags, int errnum, const char *fmt, va_list ap)
     int len;
     debug_decl(vlog_warning, SUDOERS_DEBUG_LOGGING);
 
+    /* Do auditing first (audit_failure() handles the locale itself). */
+    if (ISSET(flags, SLOG_AUDIT)) {
+	va_copy(ap2, ap);
+	vaudit_failure(NewArgv, fmt, ap2);
+	va_end(ap2);
+    }
+
     /* Need extra copy of ap for sudo_vwarn()/sudo_vwarnx() below. */
     va_copy(ap2, ap);
 
diff --git a/plugins/sudoers/logging.h b/plugins/sudoers/logging.h
index 71aaa0bb9..3b13d11d2 100644
--- a/plugins/sudoers/logging.h
+++ b/plugins/sudoers/logging.h
@@ -44,6 +44,7 @@
 #define SLOG_SEND_MAIL		0x08	/* log via mail */
 #define SLOG_NO_STDERR		0x10	/* do not log via stderr */
 #define SLOG_NO_LOG		0x20	/* do not log via file or syslog */
+#define SLOG_AUDIT		0x40	/* send message to audit as well */
 
 /*
  * Maximum number of characters to log per entry.  The syslogger
@@ -74,6 +75,7 @@ bool sudoers_warn_setlocale(bool restore, int *cookie);
 bool sudoers_setlocale(int newlocale, int *prevlocale);
 int sudoers_getlocale(void);
 int audit_failure(char *const argv[], char const *const fmt, ...) __printflike(2, 3);
+int vaudit_failure(char *const argv[], char const *const fmt, va_list ap) __printflike(2, 0);
 bool log_allowed(int status);
 bool log_auth_failure(int status, unsigned int tries);
 bool log_denial(int status, bool inform_user);
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index 581c65373..b64ef5b77 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -292,10 +292,7 @@ check_user_runchroot(void)
 
     if (def_runchroot == NULL || (strcmp(def_runchroot, "*") != 0 &&
 	    strcmp(def_runchroot, user_runchroot) != 0)) {
-	audit_failure(NewArgv,
-	    N_("user not allowed to change root directory to %s"),
-	    user_runchroot);
-	log_warningx(SLOG_NO_STDERR,
+	log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
 	    N_("user not allowed to change root directory to %s"),
 	    user_runchroot);
 	sudo_warnx(U_("you are not permitted to use the -R option with %s"),
@@ -322,9 +319,7 @@ check_user_runcwd(void)
 
     if (strcmp(user_cwd, user_runcwd) != 0) {
 	if (def_runcwd == NULL || strcmp(def_runcwd, "*") != 0) {
-	    audit_failure(NewArgv,
-		N_("user not allowed to change directory to %s"), user_runcwd);
-	    log_warningx(SLOG_NO_STDERR,
+	    log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
 		N_("user not allowed to change directory to %s"), user_runcwd);
 	    sudo_warnx(U_("you are not permitted to use the -D option with %s"),
 		user_cmnd);
@@ -416,9 +411,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
     /* Check for -C overriding def_closefrom. */
     if (user_closefrom >= 0 && user_closefrom != def_closefrom) {
 	if (!def_closefrom_override) {
-	    audit_failure(NewArgv,
-		N_("user not allowed to override closefrom limit"));
-	    log_warningx(SLOG_NO_STDERR,
+	    log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
 		N_("user not allowed to override closefrom limit"));
 	    sudo_warnx("%s", U_("you are not permitted to use the -C option"));
 	    goto bad;
@@ -448,14 +441,13 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 
     /* Defer uid/gid checks until after defaults have been updated. */
     if (unknown_runas_uid && !def_runas_allow_unknown_id) {
-	audit_failure(NewArgv, N_("unknown user: %s"), runas_pw->pw_name);
-	log_warningx(0, N_("unknown user: %s"), runas_pw->pw_name);
+	log_warningx(SLOG_AUDIT, N_("unknown user: %s"), runas_pw->pw_name);
 	goto done;
     }
     if (runas_gr != NULL) {
 	if (unknown_runas_gid && !def_runas_allow_unknown_id) {
-	    audit_failure(NewArgv, N_("unknown group: %s"), runas_gr->gr_name);
-	    log_warningx(0, N_("unknown group: %s"), runas_gr->gr_name);
+	    log_warningx(SLOG_AUDIT, N_("unknown group: %s"),
+		runas_gr->gr_name);
 	    goto done;
 	}
     }
@@ -496,17 +488,15 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 
     /* Bail if a tty is required and we don't have one.  */
     if (def_requiretty && !tty_present()) {
-	audit_failure(NewArgv, N_("no tty"));
-	log_warningx(SLOG_NO_STDERR, N_("no tty"));
+	log_warningx(SLOG_NO_STDERR|SLOG_AUDIT, N_("no tty"));
 	sudo_warnx("%s", U_("sorry, you must have a tty to run sudo"));
 	goto bad;
     }
 
     /* Check runas user's shell. */
     if (!check_user_shell(runas_pw)) {
-	audit_failure(NewArgv, N_("invalid shell for user %s: %s"),
-	    runas_pw->pw_name, runas_pw->pw_shell);
-	log_warningx(SLOG_RAW_MSG, N_("invalid shell for user %s: %s"),
+	log_warningx(SLOG_RAW_MSG|SLOG_AUDIT,
+	    N_("invalid shell for user %s: %s"),
 	    runas_pw->pw_name, runas_pw->pw_shell);
 	goto bad;
     }
@@ -607,8 +597,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 
     /* If user specified a timeout make sure sudoers allows it. */
     if (!def_user_command_timeouts && user_timeout > 0) {
-	audit_failure(NewArgv, N_("user not allowed to set a command timeout"));
-	log_warningx(SLOG_NO_STDERR,
+	log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
 	    N_("user not allowed to set a command timeout"));
 	sudo_warnx("%s",
 	    U_("sorry, you are not allowed set a command timeout"));
@@ -618,9 +607,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
     /* If user specified env vars make sure sudoers allows it. */
     if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) {
 	if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) {
-	    audit_failure(NewArgv,
-		N_("user not allowed to preserve the environment"));
-	    log_warningx(SLOG_NO_STDERR,
+	    log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
 		N_("user not allowed to preserve the environment"));
 	    sudo_warnx("%s",
 		U_("sorry, you are not allowed to preserve the environment"));