I'm trying to set up an rsyslog rule so that it logs all auth privilege messages with priority of alert and higher, but its not logging anything. Here is what I changed in /etc/rsyslog.conf:
Code:
...
#commented this out
#authpriv.* /var/log/secure
#added this
authpriv.alert /var/log/my_alert_auth.log
...
I then restarted rsyslog
Code:
# systemctl restart rsyslog
I then tested an alert priority log entry with logger:
Code:
# logger -p alert "This is an alert message"
# cat /var/log/my_alert_auth.log
#
Sure, the test message is set to priority alert, but how do I know its also an authpriv type of message?
I'm a little confused on why logger doesn't have a facility and a priority option. Maybe that's the issue?
SK