Try source="/var/log/auth.log" sudo
When i give source="/var/log/auth.log" sudo it is showing all the accounts that performed a sudo not only to ROOT but also to other ones.
i am trying to sort out the results only to ROOT like, the accounts that did sudo su - root.