Boyce, Kevin P [US] (AS)
2018-06-04 13:02:04 UTC
All,
After enabling the syslog plugin for audispd and sending logs to a remote server I am seeing every event being written to /var/log/messages locally which is filling up /var.
This is all redundant since local audit logs are kept in /var/log/audit. Is there a way to prevent auditd syslog plugin from writing to /var/log/messages?
Thanks,
Kevin