authorChristian Poessinger <christian@poessinger.com>2020-03-01 10:09:45 +0100
committerChristian Poessinger <christian@poessinger.com>2020-03-01 10:10:26 +0100
commit9e5933f4a49b4a85e19c964569415af24cdf0e8f (patch)
treefcdf07640ae0c6c418ebc9b038570c912d21a6c1
parentf1505962107f881eaf3eb41ebd99ecb4abcbc1d4 (diff)
syslog: T2086: move sudo session open/close log entries to auth.log
-rw-r--r--debian/vyos-1x.install1
-rw-r--r--src/etc/rsyslog.d/sudo.conf9
2 files changed, 10 insertions, 0 deletions
diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install
index eb19dafeb..d8388eecc 100644
--- a/debian/vyos-1x.install
+++ b/debian/vyos-1x.install
@@ -1,5 +1,6 @@
etc/dhcp
etc/init.d
+etc/rsyslog.d
etc/systemd
etc/vyos
lib/
diff --git a/src/etc/rsyslog.d/sudo.conf b/src/etc/rsyslog.d/sudo.conf
new file mode 100644
index 000000000..589651f87
--- /dev/null
+++ b/src/etc/rsyslog.d/sudo.conf
@@ -0,0 +1,9 @@
+# Isolating sudo messages from syslog
+#
+# https://debian-administration.org/article/676/Isolating_sudo_messages_from_syslog
+
+# match if "program name" is equal to "sudo"
+:programname, isequal, "sudo" -/var/log/auth.log
+
+# if we matched this causes the input to be swallowed, preventing further logging.
+& ~
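Review bot: The `& ~` discard on the last line removes every message whose program name is sudo from all rules processed after this file, not only the session open/close lines named in the commit title, so sudo command records and authentication failures would also stop reaching any later action. If a remote-forwarding rule is loaded after `sudo.conf` (rsyslog.d files are typically included in alphabetical order), a central log host would no longer receive sudo activity; that ordering is not visible in this commit and should be confirmed, and a comment in the file should state the intended behaviour. The `~` action is also deprecated in current rsyslog releases, and `& stop` is the equivalent replacement. The leading `-` in `-/var/log/auth.log` asks for unsynced writes in legacy syntax, which deserves a second look for an authentication log.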