Where will the incident with the sudo command be reported to?

terminal sudo

Solution 1:

The event will be logged in /var/log/secure.log and a mail will be sent to root (which by default goes to /dev/null which is Unix speak for it is discarded).

Solution 2:

In older versions of OS X (through 10.6 or maybe 10.7), the disallowed sudo attempt would be logged in /var/log/secure.log; in more recent versions it's recorded in the ASL (Apple System Log) database, in /var/log/asl/*. You can read this with the Console.app utility (select ALL MESSAGES in the sidebar, then if you can't find them use the search field in the upper right to search for sudo). You can also use the command-line syslog command to query the database (syslog -k Facility authpriv -k Sender sudo should do it). Note that with either Console.app or syslog, the entries will only be visible if you are running as an admin or root.

Source

Related

Gap at the bottom of maximized windows
How to check VT-x status on MacBook Pro
Constantly dropping internet on El Capitan?
WindowServer is eating lots of CPU, can't work out why
With File Vault ON are time machine backups encrypted?
Does Spotlight normally index links in ~/Applications?
MTMFS consuming an entire CPU core and fans running full bore with Lion
Can I undo changes made via "defaults write"?
Are there third-party mechanical keyboards that strictly have the Apple layout?
Using my own server instead of iCloud
Huge Apple Mail Logs (Connection Logging Enabled)
What is the "Spray Like" icon in the new MacBook Pro Touch Bar?