From 9865cd931aa80eccb1052cbef9827740a5285488 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Tue, 23 Apr 2024 15:43:08 +0000
Subject: T6109: Fix remote logging for sudo commands

This fix for bug when `sudo` commands were not send to the remote
syslog server. They stop before the directive that includes all
configurations `$IncludeConfig /etc/rsyslog.d/*.conf`

(cherry picked from commit 7164ad40f5cc47f35c7903626d4d4da048a25113)
---
 src/etc/rsyslog.conf | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

(limited to 'src/etc')

diff --git a/src/etc/rsyslog.conf b/src/etc/rsyslog.conf
index 9781f0835..b3f41acb6 100644
--- a/src/etc/rsyslog.conf
+++ b/src/etc/rsyslog.conf
@@ -15,21 +15,6 @@ $KLogPath /proc/kmsg
 #### GLOBAL DIRECTIVES ####
 ###########################
 
-# The lines below cause all listed daemons/processes to be logged into
-# /var/log/auth.log, then drops the message so it does not also go to the
-# regular syslog so that messages are not duplicated
-
-$outchannel auth_log,/var/log/auth.log
-if  $programname == 'CRON' or
-    $programname == 'sudo' or
-    $programname == 'su'
-    then :omfile:$auth_log
-
-if $programname == 'CRON' or
-    $programname == 'sudo' or
-    $programname == 'su'
-    then stop
-
 # Use traditional timestamp format.
 # To enable high precision timestamps, comment out the following line.
 # A modern-style logfile format similar to TraditionalFileFormat, buth with high-precision timestamps and timezone information
@@ -60,6 +45,21 @@ $Umask 0022
 #
 $IncludeConfig /etc/rsyslog.d/*.conf
 
+# The lines below cause all listed daemons/processes to be logged into
+# /var/log/auth.log, then drops the message so it does not also go to the
+# regular syslog so that messages are not duplicated
+
+$outchannel auth_log,/var/log/auth.log
+if  $programname == 'CRON' or
+    $programname == 'sudo' or
+    $programname == 'su'
+    then :omfile:$auth_log
+
+if $programname == 'CRON' or
+    $programname == 'sudo' or
+    $programname == 'su'
+    then stop
+
 ###############
 #### RULES ####
 ###############
-- 
cgit v1.2.3