Rsyslogd  is  a  system  utility providing support for message logging.  Support of both internet and unix domain sockets enables this utility to support both local and remote logging.

Started from RHEL6, Redhat uses rsyslogd which is derived from the syslog, but still support origional syslogd.conf format.

Rregardless syslogd or rsyslogd, quite often, people including me get confused when using these two facilities.

log_auth and log_authpriv

You merely can find detail description for them, here is what I got

auth -- is meant to log authentication and authorization related commands
authpriv is for non system authorization messages (for security information of a sensitive nature)

Nothing more.

Seems to me that LOG_AUTHPRIV should be used more sensitive log message, or more securier logging, while LOG_AUTH is for authentication whichis less secuer. Really ?

Current GNU syslog C Library manual has both LOG_AUTH and LOG_AUTHPRIV, but doesn't say clearly which one should be used for what.

My understanding is that it's really depends on you how to use them, rather than the nature different between them.

For example, by default, Linux xinetd TCP wraper uses syslogd for logging.
        log_type        = SYSLOG daemon info
        log_on_failure  = HOST
        log_on_success  = PID HOST DURATION EXIT
So, all services using xinetd TCP wraper will log their logs to daemon facility
daemon.* /var/log/daemon.log
But if you are using xinetd TCP wraper for telnet, rlogin,rsh services etc.. then probably you want to log your xinetd tcp wraper into authpriv facility.
Just change log_type to
log_type=SYSLOG authpriv
That's all.
Similar to sshd, it's configured in /etc/ssh/sshd_config
SyslogFacility AUTHPRIV
Surely you can change it.
As for what information is logged, it's depends application or program, not rsyslog. See How to syslog your program output
Yes, if you do have two different applications which one is less sensitive while the other is, then you can follow the general rule:
LOG_AUTHPRIV is for hiding sensitive log messages inside a protected file, e.g., /var/log/secure
While, use LOG_AUTH for less sensitive logging, for example, log it to /var/log/auth.log
Or, if you don't want to distinct auth and authpriv logging, then probably you can define them in rsyslogd.conf like below
auth,authpriv    /var/log/secure
then applications/programs use  auth or authpriv will be logged into /var/log/secure
Note: in some system, or new rsyslogd version, default logging file is
auth,authpriv    /var/log/auth.log
another way to put two facilities logging together is to have a action configuration in rsyslogd.conf
Something like