authorChristian Poessinger <christian@poessinger.com>2020-03-01 20:30:33 +0100
committerChristian Poessinger <christian@poessinger.com>2020-03-01 20:30:33 +0100
commitd4fbfa57001d42144a6fde0db96a36ce21f388bf (patch)
treedb87e34014eb19541c04b1bbec1cdc30774125e9
parentfb3eba1d4623e63323c439682e2c7cc2dcb949e1 (diff)
downloadvyos-1x-d4fbfa57001d42144a6fde0db96a36ce21f388bf.tar.gz
vyos-1x-d4fbfa57001d42144a6fde0db96a36ce21f388bf.zip
syslog: T2086: do not log cron and su to regular syslog
-rw-r--r--src/etc/rsyslog.d/01-auth.conf14
-rw-r--r--src/etc/rsyslog.d/sudo.conf9
2 files changed, 14 insertions, 9 deletions
diff --git a/src/etc/rsyslog.d/01-auth.conf b/src/etc/rsyslog.d/01-auth.conf
new file mode 100644
index 000000000..cc64099d6
--- /dev/null
+++ b/src/etc/rsyslog.d/01-auth.conf
@@ -0,0 +1,14 @@
+# The lines below cause all listed daemons/processes to be logged into
+# /var/log/auth.log, then drops the message so it does not also go to the
+# regular syslog so that messages are not duplicated
+
+$outchannel auth_log,/var/log/auth.log
+if $programname == 'CRON' or
+ $programname == 'sudo' or
+ $programname == 'su'
+ then :omfile:$auth_log
+
+if $programname == 'CRON' or
+ $programname == 'sudo' or
+ $programname == 'su'
+ then stop
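Review bot: The `then stop` in the second block discards every CRON, sudo and su message at the `01-` position, so no rule loaded after this file will see them, including a remote-forwarding action if one is configured elsewhere (not visible in this commit). That leaves the local /var/log/auth.log as the only record of privilege use. If that is intended, state it in the header comment, e.g. `# NOTE: these messages are also withheld from every rule loaded after this file (incl. remote targets)`; otherwise the forwarding action has to run before the stop. The match is on `$programname`, which comes from the sender-supplied tag rather than the facility, so a comment that auth.log entries are selected by tag only would help whoever reads the log later. The two identical conditions could also be merged into one block so the list of program names cannot drift apart.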
diff --git a/src/etc/rsyslog.d/sudo.conf b/src/etc/rsyslog.d/sudo.conf
deleted file mode 100644
index 589651f87..000000000
--- a/src/etc/rsyslog.d/sudo.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# Isolating sudo messages from syslog
-#
-# https://debian-administration.org/article/676/Isolating_sudo_messages_from_syslog
-
-# match if "program name" is equal to "sudo"
-:programname, isequal, "sudo" -/var/log/auth.log
-
-# if we matched this causes the input to be swallowed, preventing further logging.
-& ~