If I am authenticating using PAM, is it a standard/best practice to use pam_unix in syslog tags? Who added pam_unix in below log: vsftpd process or the PAM module itself which was used in authentication?
For example-
Feb 25 13;01:14 hostname vsftpd(pam_unix)[10561]: authentication failure : logname= uid== euuid=0 tty= ruser= rhost=a.b.c.d user=ron
The pam_unix module logs this. See modules/pam_unix/support.c in the pam library sources.