diff --git a/modules/jenkins/files/jenkins-sudo-grep.sudo b/modules/jenkins/files/jenkins-sudo-grep.sudo
new file mode 100644
index 0000000000..cf8e731fa9
--- /dev/null
+++ b/modules/jenkins/files/jenkins-sudo-grep.sudo
@@ -0,0 +1 @@
+jenkins ALL = NOPASSWD:/usr/local/jenkins/slave_scripts/jenkins-sudo-grep.sh
diff --git a/modules/jenkins/files/slave_scripts/jenkins-sudo-grep.sh b/modules/jenkins/files/slave_scripts/jenkins-sudo-grep.sh
new file mode 100755
index 0000000000..305337c973
--- /dev/null
+++ b/modules/jenkins/files/slave_scripts/jenkins-sudo-grep.sh
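Review bot: The rule in jenkins-sudo-grep.sudo is only as safe as the file it names, because it lets jenkins run that script as root without a password and with any arguments. The script and every directory on its path therefore have to be root-owned and not writable by jenkins, and this diff does not show how /usr/local/jenkins/slave_scripts is installed. I would record that requirement in the file itself, `# jenkins-sudo-grep.sh and its parent directories must be root-owned and not writable by jenkins`, and confirm the ownership in the resource that deploys slave_scripts.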
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# Copyright 2012 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Find out if jenkins has attempted to run any sudo commands by checking
+# the auth.log file before and after a test run.
+
+PATTERN="sudo.*jenkins.*:.*incorrect password attempts"
+OLDLOGFILE=/var/log/auth.log.1
+LOGFILE=/var/log/auth.log
+
+case "$1" in
+ pre)
+ rm -fr /tmp/jenkins-sudo-log
+ mkdir /tmp/jenkins-sudo-log
+ if [ -f $OLDLOGFILE ]
+ then
+ stat -c %Y $OLDLOGFILE > /tmp/jenkins-sudo-log/mtime-pre
+ else
+ echo "0" > /tmp/jenkins-sudo-log/mtime-pre
+ fi
+ grep -h "$PATTERN" $LOGFILE > /tmp/jenkins-sudo-log/pre
+ ;;
+ post)
+ if [ -f $OLDLOGFILE ]
+ then
+ stat -c %Y $OLDLOGFILE > /tmp/jenkins-sudo-log/mtime-post
+ else
+ echo "0" > /tmp/jenkins-sudo-log/mtime-post
+ fi
+ if ! diff /tmp/jenkins-sudo-log/mtime-pre /tmp/jenkins-sudo-log/mtime-post > /dev/null
+ then
+ echo "diff"
+ grep -h "$PATTERN" $OLDLOGFILE > /tmp/jenkins-sudo-log/post
+ fi
+ grep -h "$PATTERN" $LOGFILE >> /tmp/jenkins-sudo-log/post
+ diff /tmp/jenkins-sudo-log/pre /tmp/jenkins-sudo-log/post
+ ;;
+esac
diff --git a/modules/jenkins/manifests/slave.pp b/modules/jenkins/manifests/slave.pp
index dbc30ffe60..a01733023a 100644
--- a/modules/jenkins/manifests/slave.pp
+++ b/modules/jenkins/manifests/slave.pp
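Review bot: The state directory /tmp/jenkins-sudo-log is a predictable path in world-writable /tmp, and this script runs as root through the new sudoers rule, so every `>` and `>>` redirection in the `pre` and `post` branches writes as root into a location another local user can create first. The `mkdir` result is not checked, and `post` never verifies that the directory is the one `pre` created. Keep the state where only root can write and stop on failure, for example `STATEDIR=/var/run/jenkins-sudo-log` with `rm -rf "$STATEDIR" && mkdir -m 0700 "$STATEDIR" || exit 1` in `pre`, and use `"$STATEDIR"` for every path after that. Separately, `pre` ends on `grep`, which exits 1 when nothing matches, so the normal clean case returns a failure status to the caller unless the branch ends with `exit 0`.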
@@ -147,6 +147,14 @@ class jenkins::slave($ssh_key, $sudo = false, $bare = false, $user = true) { ], } + file { '/etc/sudoers.d/jenkins-sudo-grep': + ensure => present, + source => "puppet:///modules/jenkins/jenkins-sudo-grep.sudo", + owner => 'root', + group => 'root', + mode => 440, + } + # Temporary for debugging glance launch problem # https://lists.launchpad.net/openstack/msg13381.html file { '/etc/sysctl.d/10-ptrace.conf':
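Review bot: `mode => 440` in the new `file` resource is an unquoted number; a sudoers drop-in is a file where the mode has to be exactly right, so write it as a quoted four-digit string, `mode => '0440',`, which cannot be read as anything but octal. The `source` value has no interpolation and can use single quotes like the other attributes. The resource has no ordering against the script it authorises, so a `require` on whatever resource installs slave_scripts would keep the rule from landing before the root-owned script is in place. The body of `class jenkins::slave` starts and ends outside the hunk, so it is not visible here whether this resource is meant to be unconditional or tied to `$sudo`.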