Hi there,
I'm working with a Linux server and now I can get a daily Logwatch mail ... my question is:since there are too many users with root password (...in my opinion... 
) how could I prevent to delete information about "su" log?
Thanks in advance,
GB
Or you could limit the use of the su command by setting up a Unix group of folk who are allowed access to the root account and limit the su command to being only run by members of that group and root itself and not be world executable or world readable? (Traditionally referred to as the wheel group ).
Make sure you catch all versions of su in your installation and ensure folk cannot SSH in as root.
Or you can use sudo and limit which commands users can run as root. This also forces people to log in with a non-privileged account first.
if the people with root access cannot be trusted then the removal of the su log is the least of your worries.
but... one thing you could do is setup a remote syslog server with limited access and configure all of the UNIX clients to log to that server. This would prevent the logs from being tampered with. Make sure the same people with root cannot access that server. This would only be part of the solution but might prove very useful.