src/etc/rsyslog.d/sudo.conf


1
2
3
4
5
6
7
8
9

# Isolating sudo messages from syslog
#
# https://debian-administration.org/article/676/Isolating_sudo_messages_from_syslog

# match if "program name" is equal to "sudo"
:programname, isequal, "sudo" -/var/log/auth.log

# if we matched this causes the input to be swallowed, preventing further logging.
& ~