Usually you can filter for a facility by a facility name. In the case of authpriv which I want to describe now, this is fairly easy:
That will work just fine with rsyslog on any common Linux system.
But, when using Solaris, some things work similar and some work different. In the case of authpriv the name will not work. Thus you have to use a different way to filter for authpriv. Whilst the name will not work, the facility number works. So a possible filter looks like that:
if $syslogfacility == 10 then /var/log/authprivlog
Valid values would be 4 or 10 as described in RFC5424.
How to use authpriv on Solaris