No more auth.log since disabling journald

journald was disabled, #7863 (closed) with the regression that ssh login attempts are now empty.

Adding a little extra sshd file in /etc/rsyslog.d resolves this, but I'm not sure how to work around the anonymization of IPs there?

Adding this file:

/etc/rsyslog.d# cat sshd.conf 
AUTH.* /var/log/auth.log

Produces such entries: Aug 16 20:38:26 hostname sshd[25191]: Accepted publickey for root from 0.0.0.0 port 58250 ssh2: RSA bc:9e:7finger:print

(from redmine: created on 2016-08-16, closed on 2016-08-23)