diff --git a/src/etc/rsyslog.conf b/src/etc/rsyslog.conf
index 9781f0835..b3f41acb6 100644
--- a/src/etc/rsyslog.conf
+++ b/src/etc/rsyslog.conf
@@ -1,67 +1,67 @@
 #################
 #### MODULES ####
 #################
 
 $ModLoad imuxsock # provides support for local system logging
 $ModLoad imklog   # provides kernel logging support (previously done by rklogd)
 #$ModLoad immark  # provides --MARK-- message capability
 
 $OmitLocalLogging off
 $SystemLogSocketName /run/systemd/journal/syslog
 
 $KLogPath /proc/kmsg
 
 ###########################
 #### GLOBAL DIRECTIVES ####
 ###########################
 
-# The lines below cause all listed daemons/processes to be logged into
-# /var/log/auth.log, then drops the message so it does not also go to the
-# regular syslog so that messages are not duplicated
-
-$outchannel auth_log,/var/log/auth.log
-if  $programname == 'CRON' or
-    $programname == 'sudo' or
-    $programname == 'su'
-    then :omfile:$auth_log
-
-if $programname == 'CRON' or
-    $programname == 'sudo' or
-    $programname == 'su'
-    then stop
-
 # Use traditional timestamp format.
 # To enable high precision timestamps, comment out the following line.
 # A modern-style logfile format similar to TraditionalFileFormat, buth with high-precision timestamps and timezone information
 #$ActionFileDefaultTemplate RSYSLOG_FileFormat
 # The "old style" default log file format with low-precision timestamps
 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
 
 # Filter duplicated messages
 $RepeatedMsgReduction on
 
 #
 # Set the default permissions for all log files.
 #
 $FileOwner root
 $FileGroup adm
 $FileCreateMode 0640
 $DirCreateMode 0755
 $Umask 0022
 
 #
 # Stop excessive logging of sudo
 #
 :msg, contains, " pam_unix(sudo:session): session opened for user root(uid=0) by" stop
 :msg, contains, "pam_unix(sudo:session): session closed for user root" stop
 
 #
 # Include all config files in /etc/rsyslog.d/
 #
 $IncludeConfig /etc/rsyslog.d/*.conf
 
+# The lines below cause all listed daemons/processes to be logged into
+# /var/log/auth.log, then drops the message so it does not also go to the
+# regular syslog so that messages are not duplicated
+
+$outchannel auth_log,/var/log/auth.log
+if  $programname == 'CRON' or
+    $programname == 'sudo' or
+    $programname == 'su'
+    then :omfile:$auth_log
+
+if $programname == 'CRON' or
+    $programname == 'sudo' or
+    $programname == 'su'
+    then stop
+
 ###############
 #### RULES ####
 ###############
 # Emergencies are sent to everybody logged in.
 *.emerg                         :omusrmsg:*
\ No newline at end of file