Disable syslog logging for auditd

Question

auditd sending logs to /var/logs/messages we want to disable it. How to do that?

/etc/audisp/plugins.d/syslog.conf

i changee active = no but still sending lots to syslog

You can place filters in syslog at the worst situation.

Rui F Ribeiro
– Rui F Ribeiro

2015-11-19 23:29:15 +00:00
Commented Nov 19, 2015 at 23:29 — Rui F Ribeiro
– Rui F Ribeiro, Commented Nov 19, 2015 at 23:29

cutrightjm · Accepted Answer · 2015-11-20 03:38:19Z

5

Edit /etc/audisp/plugins.d and change args = LOG_INFOto this: args = local6

Then edit /etc/rsyslog.conf and add local6 to the "some catch-all log files" block so it's like this:

*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none;\
        local6.none           -/var/log/messages

Also change the line args = in /etc/audisp/plugins.d to: args = LOG_LOCAL6

This was adapted from this post.

edited Nov 20, 2015 at 3:38

answered Nov 20, 2015 at 3:33

cutrightjm

5,5754 gold badges26 silver badges34 bronze badges

Add a comment |

Stack Exchange Network

Disable syslog logging for auditd

1 Answer 1

You must log in to answer this question.

Hot Network Questions

Disable syslog logging for auditd

1 Answer 1

You must log in to answer this question.

Related

Hot Network Questions