# for logging via TLS (rsyslog-module-gtls)
  # keys/certificates need to be located under /etc/rsyslog.d or permissions need to be adjusted here
  # rsyslog tries to write to the certificates for no reason, so deny this quietly
  deny /etc/rsyslog.d/* w,