Merge pull request #3355 from sever-sever/T6109

T6109: Fix remote logging for sudo commands
vyos · Apr 23, 2024 · 5486417 · 5486417
2 parents f3c36e2 + 7164ad4
commit 5486417
Showing 1 changed file with 15 additions and 15 deletions.
diff --git a/src/etc/rsyslog.conf b/src/etc/rsyslog.conf
@@ -15,21 +15,6 @@ $KLogPath /proc/kmsg
 #### GLOBAL DIRECTIVES ####
 ###########################
 
-# The lines below cause all listed daemons/processes to be logged into
-# /var/log/auth.log, then drops the message so it does not also go to the
-# regular syslog so that messages are not duplicated
-
-$outchannel auth_log,/var/log/auth.log
-if  $programname == 'CRON' or
-    $programname == 'sudo' or
-    $programname == 'su'
-    then :omfile:$auth_log
-
-if $programname == 'CRON' or
-    $programname == 'sudo' or
-    $programname == 'su'
-    then stop
-
 # Use traditional timestamp format.
 # To enable high precision timestamps, comment out the following line.
 # A modern-style logfile format similar to TraditionalFileFormat, buth with high-precision timestamps and timezone information
@@ -60,6 +45,21 @@ $Umask 0022
 #
 $IncludeConfig /etc/rsyslog.d/*.conf
 
+# The lines below cause all listed daemons/processes to be logged into
+# /var/log/auth.log, then drops the message so it does not also go to the
+# regular syslog so that messages are not duplicated
+
+$outchannel auth_log,/var/log/auth.log
+if  $programname == 'CRON' or
+    $programname == 'sudo' or
+    $programname == 'su'
+    then :omfile:$auth_log
+
+if $programname == 'CRON' or
+    $programname == 'sudo' or
+    $programname == 'su'
+    then stop
+
 ###############
 #### RULES ####
 ###############