From f4ad511f3f2c946568e84adfd75b087e4180ad05 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Mon, 30 Jun 2008 16:37:53 -0700
Subject: Change syslogging of authorization related commands

For sucessful sudo, just log it at info level.
Capture any security failures/changes into /var/log/auth.log
but skip normal CLI commands

Turn off the builtin sync after each write to /var/log/messages
by putting - before file name; the sync causes a disk write
each time and therefore can be a performance hit during boot.
---
 sysconf/syslog.conf | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'sysconf')

diff --git a/sysconf/syslog.conf b/sysconf/syslog.conf
index 4281cfd6..f732affc 100644
--- a/sysconf/syslog.conf
+++ b/sysconf/syslog.conf
@@ -1,2 +1,14 @@
-*.warning	/var/log/messages 
-local7.*	/var/log/messages
+# Standard logfiles by facility
+auth.*;,authpriv.notice	/var/log/auth.log
+
+# Some other (unused) standard entries
+#cron.*			/var/log/cron.log
+#kern.*			-/var/log/kern.log
+#lpr.*			-/var/log/lpr.log
+#mail.*			-/var/log/mail.log
+#user.*			-/var/log/user.log
+
+# Catch-all log file used by CLI
+*.warning;local7.*;\
+	auth,authpriv.none;\
+	cron,daemon.none; -/var/log/messages 
-- 
cgit v1.2.3