The problem and workaround is described below. I know I could avoid the auth.log from getting filled up by setting firewall policies but in my case this isn’t possible because I need access from anywhere.
Problem: auth.log gets way to big due to brute force ssh attempts.
Make executable that truncates auth.log and add a task-scheduler in the configuration
–copy the vyatta-postconfig-bootup.script to a new file called authlog
cp /config/scripts/vyatta-postconfig-bootup.script /config/scripts/authlog
–edit authlog executable and put in COMMAND: truncate -s 0 /var/log/auth.log
–create a system task-scheduler with an interval of 1 day to clear the auth.log daily
set system task-schedule task AUTH_CLEAR interval 1d
set system task-scheduler task AUTH_CLEAR executable path /config/scripts/authlog
sidenote: this only works for vyos and NOT vyatta because there is no system task-scheduler foreseen.