Which logging mechanism is specifically designed to track major events such as switching to root?

Prepare for the GIAC Security Essentials Certification Exam with our comprehensive resources. Focus on flashcards, multiple choice questions, and detailed explanations. Elevate your cybersecurity knowledge and get exam-ready!

The correct choice is SULOG, which serves as a specialized logging mechanism focused on recording significant events related to privilege escalation, such as transitioning to the root user. SULOG captures information pertinent to user actions that require elevated permissions, enhancing accountability and security oversight.

While syslog functions as a more general-purpose logging system for a variety of system messages and events across devices, it does not specifically target actions like switching to root. Lastlog keeps records of the last login of users, while UTMP tracks current logins and system uptime. Therefore, these options do not specialize in monitoring critical events related to privilege escalation, making SULOG the appropriate choice for tracking actions like switching to root.
