千家信息网

Removing su command records from the messages log file

Published: 2024-11-17 Author: 千家信息网 editor
Last updated: 2024-11-17

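The script needs root privileges to run, but inside it uses the su command to run other commands or scripts, for example calling the log statistics script as the nginx user.

As a result, /var/log/messages fills up with entries like these: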

Jun 28 10:28:06 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:06 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:06 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none
Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none

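This seriously hampers reading and filtering of messages.

The plan is to save these records in a separate file, for example /var/log/su.

Edit /etc/rsyslog.conf.

Add the following to the selector of the messages rule: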

auth.none

Add a new rule:

auth.* /var/log/su

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;auth.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
auth.*                                                  /var/log/su

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


Remember to restart rsyslog for the change to take effect:

systemctl restart rsyslog.service
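
To see why both changes are needed, the following added example (not part of the original article and not rsyslog's own code) evaluates the selectors shown above and reports which files a message is written to before and after the edit. The BEFORE/AFTER rule sets are constructed from the article's rules, the function names are hypothetical, and the su records are assumed to arrive as auth.info.

```python
# Added example: minimal evaluator for traditional rsyslog selectors.
# Handles facility.priority, '*', 'none', ',' and ';' only
# (the '=' and '!' priority modifiers are not handled).
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed from the rules shown in the article; BEFORE lacks the two changes.
BEFORE = """\
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
"""
AFTER = """\
*.info;mail.none;authpriv.none;cron.none;auth.none    /var/log/messages
authpriv.*                                  /var/log/secure
auth.*                                      /var/log/su
mail.*                                      -/var/log/maillog
"""

def selector_matches(selector, facility, priority):
    """Return True if one rule's selector field accepts facility.priority."""
    matched = False
    for part in selector.split(";"):           # later parts override earlier ones
        facs, _, prio = part.rpartition(".")
        if "*" not in facs.split(",") and facility not in facs.split(","):
            continue
        if prio == "none":
            matched = False
        elif prio == "*":
            matched = True
        else:                                   # plain priority: this level or higher
            matched = PRIORITIES.index(priority) >= PRIORITIES.index(prio)
    return matched

def destinations(conf, facility, priority):
    """List the files that a facility.priority message is written to."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "$")):
            continue
        selector, action = line.split(None, 1)
        if selector_matches(selector, facility, priority):
            out.append(action.lstrip("-"))      # leading '-' only disables per-write sync
    return out

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, destinations(conf, "auth", "info"))
```

Without `auth.none` on the messages rule, the same record would be written to both /var/log/messages and /var/log/su.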


