Discussion:
What does audisp/plugins.d/syslog.conf LOG_WARN not show?
leam hall
2018-03-22 19:08:23 UTC
(RHEL 6, default audit rpms)

We're trying to cut down on spurious logging but have some logging
mandated (STIG environment). If the syslog.conf file in
audisp/plugins.d/syslog.conf is set with "args = LOG_WARN", will the
events in audit.rules still be logged?

Thanks!

Leam
Steve Grubb
2018-05-03 20:39:11 UTC
Post by leam hall
> (RHEL 6, default audit rpms)
> We're trying to cut down on spurious logging but have some logging
> mandated (STIG environment). If the syslog.conf file in
> audisp/plugins.d/syslog.conf is set with "args = LOG_WARN", will the
> events in audit.rules still be logged?

A little late...but I don't see any answer. It depends on what you have for
/etc/rsyslog.conf. Look for the line containing /var/log/messages and see
what you have. By default, it logs info messages and higher.

-Steve
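
The check described in the reply above, as an added example that is not part of the original thread: it finds the rule that writes to /var/log/messages and evaluates whether a given facility and priority passes its selector. The sample config is constructed, `selector_for` and `selector_matches` are hypothetical helper names, and treating the plugin's LOG_WARN as syslog priority `warning` sent with facility `user` is an assumption.

```python
# Added example (not from the thread): does a syslog selector pass a priority?
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed sample config, modelled on a typical /var/log/messages rule.
SAMPLE_CONF = """\
# Log anything (except mail) of level info or higher.
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
"""

def selector_for(conf_text, target="/var/log/messages"):
    """Return the selector of the first rule whose action is `target`."""
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) == 2 and not line.startswith("#") \
                and fields[1].lstrip("-") == target:
            return fields[0]
    return None

def selector_matches(selector, facility, priority):
    """Apply ';'-separated sub-selectors left to right (sysklogd-style).

    Handles '*', 'none', '=' (exact priority) and '!' (negation); a bare
    priority means "this priority and anything more severe".
    """
    sev, logged = SEVERITY[priority], False
    for part in filter(None, (p.strip() for p in selector.split(";"))):
        facilities, _, prio = part.rpartition(".")
        if not {facility, "*"} & set(facilities.split(",")):
            continue
        negate = prio.startswith("!")
        prio = prio.lstrip("!")
        exact = prio.startswith("=")
        prio = prio.lstrip("=")
        if prio == "none":
            logged = False
            continue
        if prio == "*":
            hit = True
        elif exact:
            hit = sev == SEVERITY[prio]
        else:
            hit = sev <= SEVERITY[prio]
        if hit:
            logged = not negate
    return logged
```

With the sample rule, `selector_matches(selector_for(SAMPLE_CONF), "user", "warning")` is true, so a warning-priority message still reaches /var/log/messages; a rule tightened to a higher threshold such as `*.err` would drop it.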
