flooded /var/log/messages by "slice" messages

flooded /var/log/messages by "slice" messages

Thanks to: https://www.golinuxhub.com/2017/12/how-to-redirect-specific-log-messages.html

Create separate configuration file inside /etc/rsyslog.d
 # touch /etc/rsyslog.d/rsyslog_loginauth.conf

# vim /etc/rsyslog.d/rsyslog_loginauth.conf
if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-") then /var/log/login_auth
& stop
Next restart the rsyslog service
# systemctl restart rsyslog
The log messages will be redirected to /var/log/login_auth .

For rotation of the new log file: add to the top of  /etc/logrortate.d/syslog
# vim /etc/logrotate.d/syslog

/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/login_auth
{ ...