Red Hat Customer Portal - Access to 24x7 support and knowledge

How do I stop audit logs from going to /var/log/messages

Currently we have auditd turned on and events are getting sent to /var/log/messages as well as /var/log/audit/audit.log

All our logs go to a central syslog server also...

Having said that we would like to stop the auditd logs from going to "messages" but continue going to /var/log/audit/audit.log and continue being sent to our remote syslog server..

I tried setting /etc/audisp/plugins.d/syslog.conf to "active = no" but that didn't do it.

Can someone tell me how to accomplish this?

Jason

Ansible.com

Red Hat Ecosystem Catalog

Red Hat Hybrid Cloud Console

Red Hat Store

Red Hat Marketplace

Red Hat Summit and AnsibleFest

How do I stop audit logs from going to /var/log/messages

Responses

Quick Links

Help

Site Info

Related Sites

Red Hat legal and privacy links

Red Hat legal and privacy links