summaryrefslogtreecommitdiff
path: root/src/etc/rsyslog.conf
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2024-04-23 15:43:08 +0000
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-04-24 05:43:50 +0000
commit9865cd931aa80eccb1052cbef9827740a5285488 (patch)
tree26159cbbf3e50ba0f7f2175023823f286c99721a /src/etc/rsyslog.conf
parent2ea5aa9b5832a073b4e8d2fcdc7190d01f6a1519 (diff)
downloadvyos-1x-9865cd931aa80eccb1052cbef9827740a5285488.tar.gz
vyos-1x-9865cd931aa80eccb1052cbef9827740a5285488.zip
T6109: Fix remote logging for sudo commands
This fix for bug when `sudo` commands were not send to the remote syslog server. They stop before the directive that includes all configurations `$IncludeConfig /etc/rsyslog.d/*.conf` (cherry picked from commit 7164ad40f5cc47f35c7903626d4d4da048a25113)
Diffstat (limited to 'src/etc/rsyslog.conf')
-rw-r--r--src/etc/rsyslog.conf30
1 files changed, 15 insertions, 15 deletions
diff --git a/src/etc/rsyslog.conf b/src/etc/rsyslog.conf
index 9781f0835..b3f41acb6 100644
--- a/src/etc/rsyslog.conf
+++ b/src/etc/rsyslog.conf
@@ -15,21 +15,6 @@ $KLogPath /proc/kmsg
#### GLOBAL DIRECTIVES ####
###########################
-# The lines below cause all listed daemons/processes to be logged into
-# /var/log/auth.log, then drops the message so it does not also go to the
-# regular syslog so that messages are not duplicated
-
-$outchannel auth_log,/var/log/auth.log
-if $programname == 'CRON' or
- $programname == 'sudo' or
- $programname == 'su'
- then :omfile:$auth_log
-
-if $programname == 'CRON' or
- $programname == 'sudo' or
- $programname == 'su'
- then stop
-
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
# A modern-style logfile format similar to TraditionalFileFormat, buth with high-precision timestamps and timezone information
@@ -60,6 +45,21 @@ $Umask 0022
#
$IncludeConfig /etc/rsyslog.d/*.conf
+# The lines below cause all listed daemons/processes to be logged into
+# /var/log/auth.log, then drops the message so it does not also go to the
+# regular syslog so that messages are not duplicated
+
+$outchannel auth_log,/var/log/auth.log
+if $programname == 'CRON' or
+ $programname == 'sudo' or
+ $programname == 'su'
+ then :omfile:$auth_log
+
+if $programname == 'CRON' or
+ $programname == 'sudo' or
+ $programname == 'su'
+ then stop
+
###############
#### RULES ####
###############