diff --git a/app/services/realtime_audit_service.py b/app/services/realtime_audit_service.py
index c339b82..8fefe13 100644
--- a/app/services/realtime_audit_service.py
+++ b/app/services/realtime_audit_service.py
@@ -586,21 +586,28 @@ QUALYS_AGENT_CMDS = {
 "/var/log/qualys-cloud-agent/qualys-cloud-agent.log "
 "/usr/local/qualys/cloud-agent/log/qualys-cloud-agent.log "
 "/var/log/qualysagent/qualysagent.log; do "
- " if [ -r \"$f\" ]; then echo \"=== $f ===\"; tail -50 \"$f\"; exit 0; fi; "
+ " if [ -e \"$f\" ]; then "
+ " out=$(tail -50 \"$f\" 2>/dev/null || sudo -n tail -50 \"$f\" 2>/dev/null); "
+ " if [ -n \"$out\" ]; then echo \"=== $f ===\"; echo \"$out\"; exit 0; fi; "
+ " echo \"=== $f (existe mais non lisible — sudo refuse) ===\"; "
+ " fi; "
 "done; "
 "echo 'log Qualys introuvable. Chemins testes: /var/log/qualys/*, /var/log/qualys-cloud-agent/*, /usr/local/qualys/cloud-agent/log/*, /var/log/qualysagent/*'"
 ),
 "system_log": (
 "if command -v journalctl >/dev/null 2>&1; then "
- " journalctl -u qualys-cloud-agent --no-pager -n 50 2>/dev/null || echo '(journalctl: aucune entree)'; "
- "elif [ -r /var/log/messages ]; then "
+ " out=$(journalctl -u qualys-cloud-agent --no-pager -n 50 2>/dev/null || sudo -n journalctl -u qualys-cloud-agent --no-pager -n 50 2>/dev/null); "
+ " if [ -n \"$out\" ]; then echo \"$out\"; else echo '(journalctl: aucune entree ou non autorise)'; fi; "
+ "elif [ -e /var/log/messages ]; then "
 " echo '--- /var/log/messages (filtre qualys, 50 derniers) ---'; "
- " grep -i qualys /var/log/messages 2>/dev/null | tail -50 || echo 'aucune entree qualys'; "
- "elif [ -r /var/log/syslog ]; then "
+ " out=$(grep -i qualys /var/log/messages 2>/dev/null | tail -50 || sudo -n grep -i qualys /var/log/messages 2>/dev/null | tail -50); "
+ " if [ -n \"$out\" ]; then echo \"$out\"; else echo '(aucune entree qualys ou sudo refuse)'; fi; "
+ "elif [ -e /var/log/syslog ]; then "
 " echo '--- /var/log/syslog (filtre qualys, 50 derniers) ---'; "
- " grep -i qualys /var/log/syslog 2>/dev/null | tail -50 || echo 'aucune entree qualys'; "
+ " out=$(grep -i qualys /var/log/syslog 2>/dev/null | tail -50 || sudo -n grep -i qualys /var/log/syslog 2>/dev/null | tail -50); "
+ " if [ -n \"$out\" ]; then echo \"$out\"; else echo '(aucune entree qualys ou sudo refuse)'; fi; "
 "else "
- " echo 'logs systeme indisponibles (journalctl absent, messages/syslog non lisibles - sudo requis ?)'; "
+ " echo 'logs systeme indisponibles (journalctl absent, messages/syslog non trouves)'; "
 "fi"
 ),
 }
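Review bot: In the `/var/log/messages` and `/var/log/syslog` branches the `sudo -n grep` fallback can never run, because `||` tests the status of the pipeline `grep … | tail -50`, which is the status of `tail` and stays 0 when `grep` fails on a permission error (no `pipefail` is set in these strings). Group both greps before the pipe, e.g. `out=$({ grep -i qualys /var/log/messages 2>/dev/null || sudo -n grep -i qualys /var/log/messages 2>/dev/null; } | tail -50); `, and do the same for syslog. In the first loop an existing, readable but empty log also leaves `$out` empty and is reported as "non lisible — sudo refuse", so that message should not assert a refusal it did not observe. Because these commands now rely on passwordless sudo, a comment next to `QUALYS_AGENT_CMDS` (which starts outside this hunk) such as `# sudo -n: requires NOPASSWD rules limited to these exact tail/grep/journalctl command lines` would record that a blanket NOPASSWD rule for `tail` or `grep` would let the account running the audit read any file on the host.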