Diffstat (limited to 'src/etc/rsyslog.d')
-rw-r--r--src/etc/rsyslog.d/sudo.conf9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/etc/rsyslog.d/sudo.conf b/src/etc/rsyslog.d/sudo.conf
new file mode 100644
index 000000000..589651f87
--- /dev/null
+++ b/src/etc/rsyslog.d/sudo.conf
@@ -0,0 +1,9 @@
+# Isolating sudo messages from syslog
+#
+# https://debian-administration.org/article/676/Isolating_sudo_messages_from_syslog
+
+# match if "program name" is equal to "sudo"
+:programname, isequal, "sudo" -/var/log/auth.log
+
+# if we matched this causes the input to be swallowed, preventing further logging.
+& ~
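Review bot: The discard on the last line (`& ~`) keeps sudo events away from every rule processed after this file, which would include a remote-forwarding or central-collection action if one is defined later; whether that happens depends on the include order in rsyslog.conf, which is not visible here. If sudo activity is meant to reach a central collector, that action has to run before this file or be added to this rule ahead of the discard. The `~` discard action is also deprecated since rsyslog 7 and produces a warning at startup; `& stop` is the current form. Because the file name has no numeric prefix, a comment stating where it must sort relative to the default rules would help, e.g. `# must be loaded before the default auth/syslog rules, otherwise sudo lines are logged twice`.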