diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-03-01 20:30:33 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-03-01 20:30:33 +0100 |
| commit | d4fbfa57001d42144a6fde0db96a36ce21f388bf (patch) | |
| tree | db87e34014eb19541c04b1bbec1cdc30774125e9 /src/etc | |
| parent | fb3eba1d4623e63323c439682e2c7cc2dcb949e1 (diff) | |
| download | vyos-1x-d4fbfa57001d42144a6fde0db96a36ce21f388bf.tar.gz vyos-1x-d4fbfa57001d42144a6fde0db96a36ce21f388bf.zip | |
syslog: T2086: do not log cron and su to regular syslog
Diffstat (limited to 'src/etc')
| -rw-r--r-- | src/etc/rsyslog.d/01-auth.conf | 14 | ||||
| -rw-r--r-- | src/etc/rsyslog.d/sudo.conf | 9 |
2 files changed, 14 insertions, 9 deletions
diff --git a/src/etc/rsyslog.d/01-auth.conf b/src/etc/rsyslog.d/01-auth.conf new file mode 100644 index 000000000..cc64099d6 --- /dev/null +++ b/src/etc/rsyslog.d/01-auth.conf @@ -0,0 +1,14 @@ +# The lines below cause all listed daemons/processes to be logged into +# /var/log/auth.log, then drops the message so it does not also go to the +# regular syslog so that messages are not duplicated + +$outchannel auth_log,/var/log/auth.log +if $programname == 'CRON' or + $programname == 'sudo' or + $programname == 'su' + then :omfile:$auth_log + +if $programname == 'CRON' or + $programname == 'sudo' or + $programname == 'su' + then stop diff --git a/src/etc/rsyslog.d/sudo.conf b/src/etc/rsyslog.d/sudo.conf deleted file mode 100644 index 589651f87..000000000 --- a/src/etc/rsyslog.d/sudo.conf +++ /dev/null @@ -1,9 +0,0 @@ -# Isolating sudo messages from syslog -# -# https://debian-administration.org/article/676/Isolating_sudo_messages_from_syslog - -# match if "program name" is equal to "sudo" -:programname, isequal, "sudo" -/var/log/auth.log - -# if we matched this causes the input to be swallowed, preventing further logging. -& ~ |