diff --git a/NEWS b/NEWS
index ec788e77f79463e40402b762f5c8a249dddffb7a..f5619302d448d64c160fc92b3a9e9cca7ee2d3d8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,8 @@
release/005.007 (unreleased)
+ [newsyslog] Pull out filter-syslog from newsyslog so filtersyslog can
+ be used separately from newsyslog. [adamhl]
+
[ssh] Change the method by which we specify a list of sunetids too
filter via filter-syslog. If you install this version of base you will
need to add to hiera the list of sunetids whose authentication failure
diff --git a/files/newsyslog/etc/filter-syslog.conf b/files/filtersyslog/etc/filter-syslog.conf
similarity index 100%
rename from files/newsyslog/etc/filter-syslog.conf
rename to files/filtersyslog/etc/filter-syslog.conf
diff --git a/manifests/filtersyslog.pp b/manifests/filtersyslog.pp
new file mode 100644
index 0000000000000000000000000000000000000000..2c100dc04725da048f0e0c94480310f250048b58
--- /dev/null
+++ b/manifests/filtersyslog.pp
@@ -0,0 +1,22 @@
+# Install filter-syslog, which we use for auditing system logs, and its
+# basic configuration.
+
+class base::filtersyslog {
+
+ # Install the filter-syslog package.
+ package { 'filter-syslog':
+ ensure => present
+ }
+
+ # Install the default filter-syslog configuration.
+ file {
+ '/etc/filter-syslog.conf':
+ source => 'puppet:///modules/base/filtersyslog/etc/filter-syslog.conf';
+ '/etc/filter-syslog':
+ ensure => directory,
+ recurse => true,
+ purge => true,
+ }
+
+
+}
diff --git a/manifests/newsyslog.pp b/manifests/newsyslog.pp
index 38eaa394c3b34108aaec998e8db6f6dbf163476d..f08597cb003ce00bdd764d4aa16926305f8a136b 100644
--- a/manifests/newsyslog.pp
+++ b/manifests/newsyslog.pp
@@ -4,9 +4,12 @@
# logs, and its basic configuration.
class base::newsyslog {
- package {
- 'filter-syslog': ensure => present;
- 'newsyslog': ensure => present;
+
+ # Install the basic filter-syslog system
+ include base::filtersyslog
+
+ package {'newsyslog':
+ ensure => present;
}
# Disable logrotate, since otherwise it will fight with newsyslog. We could