auth.notice on syslog server

Michael Sierchio kudzu at
Mon Jun 24 16:28:53 UTC 2013

On Mon, Jun 24, 2013 at 5:35 AM, SWENNEN Rudi
<Rudi.SWENNEN at> wrote:
> Hello FreeBSD-list,
> I have the following two freebsd systems/servers: a server and a client. The syslog of the client is send to the server.
> I was wondering why the auth.notice entry on my server is generating a syslog entry (/dev/console) when I change to root on the client:
> Jun 24 12:01:38 SERVER kernel: Jun 24 12:00:32 CLIENT su: rudi to root on /dev/ttyv0
> Is there a way to "limit" the auth-facility not to log via syslog if the entry in generated from a remote system?

Yes, on the host that sends the logs.

auth.*,authpriv.*:      /var/log/auth

More information about the freebsd-questions mailing list