Auditd syslog plugin
Boyce, Kevin P [US] (AS)
Kevin.Boyce at ngc.com
Mon Jun 4 13:02:04 UTC 2018
All,
After enabling the syslog plugin for audispd and sending logs to a remote server I am seeing every event being written to /var/log/messages locally which is filling up /var.
This is all redundant since local audit logs are kept in /var/log/audit. Is there a way to prevent auditd syslog plugin from writing to /var/log/messages?
Thanks,
Kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20180604/421cb051/attachment.htm>
More information about the Linux-audit
mailing list