Rsyslogd is a system utility providing support for message logging. Support of both internet and unix domain sockets enables this utility to support both local and remote logging.
Starting with RHEL 6, Red Hat uses rsyslogd, which is derived from syslog but still supports the original syslogd.conf format.
Regardless of whether it is syslogd or rsyslogd, people, including me, quite often get confused when using these two facilities.
log_auth and log_authpriv
You can rarely find a detailed description of them; here is what I got:
auth -- is meant to log authentication and authorization related commands
authpriv -- is for non-system authorization messages (for security information of a sensitive nature)
It seems to me that LOG_AUTHPRIV should be used for more sensitive log messages, or more secure logging, while LOG_AUTH is for authentication, which is less secure. Really?
The current GNU syslog C Library manual has both LOG_AUTH and LOG_AUTHPRIV, but doesn't say clearly which one should be used for what.
My understanding is that it really depends on how you use them, rather than on a difference in nature between them.
log_type = SYSLOG daemon info
log_on_failure = HOST
log_on_success = PID HOST DURATION EXIT
LOG_AUTHPRIV is for hiding sensitive log messages inside a protected file, e.g., /var/log/secure
#ifndef LOG_AUTHPRIV
#define LOG_AUTHPRIV LOG_AUTH
#endif
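An added example, not code from the original post or from the GNU C Library: a small C program that applies the LOG_AUTHPRIV fallback, logs a sensitive message to that facility, and checks that the destination file is actually protected from other users. The ident "authdemo", the user name and the address are constructed sample values, and /var/log/secure is assumed to be where authpriv messages are written, as in the text above.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <syslog.h>

/* Portability fallback: platforms without LOG_AUTHPRIV use LOG_AUTH,
 * so messages then follow whatever rule the daemon has for auth. */
#ifndef LOG_AUTHPRIV
#define LOG_AUTHPRIV LOG_AUTH
#endif

/* Facility to use for messages that may carry sensitive details. */
int sensitive_facility(void) { return LOG_AUTHPRIV; }

/* 1 if the mode grants nothing to "other" and no write to group, else 0. */
int mode_is_protected(mode_t mode)
{
    return (mode & (S_IRWXO | S_IWGRP)) == 0;
}

/* 1 = protected, 0 = too permissive, -1 = cannot stat (missing or no access). */
int log_file_is_protected(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return mode_is_protected(st.st_mode);
}

int main(void)
{
    const char *dest = "/var/log/secure"; /* assumed authpriv destination */
    int rc = log_file_is_protected(dest);

    if (rc == 0)
        fprintf(stderr, "warning: %s permissions are too permissive\n", dest);
    else if (rc < 0)
        fprintf(stderr, "note: cannot stat %s\n", dest);

    /* "authdemo" is a made-up ident; user and address are constructed data. */
    openlog("authdemo", LOG_PID, sensitive_facility());
    syslog(LOG_NOTICE, "failed login for user %s from %s", "alice", "192.0.2.10");
    closelog();
    return 0;
}
```

The facility only keeps a message private if the daemon's rule for authpriv writes to a file with restrictive permissions, which is what the stat check verifies.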