From f4ad511f3f2c946568e84adfd75b087e4180ad05 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Mon, 30 Jun 2008 16:37:53 -0700
Subject: Change syslogging of authorization related commands

For successful sudo, just log it at info level.
Capture any security failures/changes into /var/log/auth.log
but skip normal CLI commands

Turn off the builtin sync after each write to /var/log/messages
by putting - before file name; the sync causes a disk write
each time and therefore can be a performance hit during boot.
---
 debian/vyatta-cfg-system.postinst.in |  7 +++++++
 sysconf/syslog.conf                  | 16 ++++++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 0852319e..8e8b6015 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -57,6 +57,13 @@ EOF
 	echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers
     fi
 
+    # Reduce logging level of good commands
+    if ! grep -q "^Defaults syslog_goodpri" /etc/sudoers; then
+	echo "\nDefaults syslog_goodpri=info" >>/etc/sudoers
+    fi
+	
+    fi
+
     # keep env vars
     if ! grep -q 'env_keep+=VYATTA_*' /etc/sudoers ; then
 	echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers
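Review bot: The added `echo "\nDefaults syslog_goodpri=info"` lacks the `-e` used by the `%users` line just above, so if this script runs under bash it appends a literal `\n` to /etc/sudoers; sudo refuses to run when sudoers fails to parse, and the `^Defaults syslog_goodpri` guard would then never match, so each reinstall would append the line again. Use `printf '\nDefaults syslog_goodpri=info\n' >>/etc/sudoers` (or `echo -e`, matching the neighbouring line). The second added `fi` has no matching `if` inside the hunk and looks like a leftover; it would either be a syntax error or close an enclosing block early, which cannot be confirmed here because the surrounding block starts and ends outside the hunk. Because this script edits /etc/sudoers in place, running `visudo -c` after the appends would catch a broken file before the package finishes configuring.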
diff --git a/sysconf/syslog.conf b/sysconf/syslog.conf
index 4281cfd6..f732affc 100644
--- a/sysconf/syslog.conf
+++ b/sysconf/syslog.conf
@@ -1,2 +1,14 @@
-*.warning	/var/log/messages 
-local7.*	/var/log/messages
+# Standard logfiles by facility
+auth.*;,authpriv.notice	/var/log/auth.log
+
+# Some other (unused) standard entries
+#cron.*			/var/log/cron.log
+#kern.*			-/var/log/kern.log
+#lpr.*			-/var/log/lpr.log
+#mail.*			-/var/log/mail.log
+#user.*			-/var/log/user.log
+
+# Catch-all log file used by CLI
+*.warning;local7.*;\
+	auth,authpriv.none;\
+	cron,daemon.none; -/var/log/messages 
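Review bot: The selector `auth.*;,authpriv.notice` on the auth.log line has a stray `,` after the `;`, leaving an empty facility name; how syslogd handles that depends on the implementation, and because the catch-all below excludes `auth,authpriv.none`, a misparse here could leave authentication failures written to no file at all. It should probably read `auth.*;authpriv.notice	/var/log/auth.log`. The catch-all also ends its selector list with `;` before `-/var/log/messages` and sets `cron,daemon.none` while the `cron.*` line stays commented out, so cron and daemon warnings and errors appear to have no destination; if that is intended, a comment saying so would help. With `syslog_goodpri=info` and `authpriv.notice`, successful sudo commands are no longer written locally if sudo logs to authpriv, so a comment such as `# successful sudo (info) is intentionally not logged` would make the audit-trail trade-off explicit.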
-- 
cgit v1.2.3