From d4fbfa57001d42144a6fde0db96a36ce21f388bf Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 1 Mar 2020 20:30:33 +0100
Subject: syslog: T2086: do not log cron and su to regular syslog

---
 src/etc/rsyslog.d/01-auth.conf | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 src/etc/rsyslog.d/01-auth.conf

(limited to 'src/etc/rsyslog.d/01-auth.conf')

diff --git a/src/etc/rsyslog.d/01-auth.conf b/src/etc/rsyslog.d/01-auth.conf
new file mode 100644
index 000000000..cc64099d6
--- /dev/null
+++ b/src/etc/rsyslog.d/01-auth.conf
@@ -0,0 +1,14 @@
+# The lines below cause all listed daemons/processes to be logged into
+# /var/log/auth.log, then drops the message so it does not also go to the
+# regular syslog so that messages are not duplicated
+
+$outchannel auth_log,/var/log/auth.log
+if  $programname == 'CRON' or
+    $programname == 'sudo' or
+    $programname == 'su'
+    then :omfile:$auth_log
+
+if $programname == 'CRON' or
+    $programname == 'sudo' or
+    $programname == 'su'
+    then stop
-- 
cgit v1.2.3