How do I stop audit logs from going to /var/log/messages

Comments

How do I stop audit logs from going to /var/log/messages

Currently we have auditd turned on and events are getting sent to /var/log/messages as well as /var/log/audit/audit.log

All our logs go to a central syslog server also...

Having said that we would like to stop the auditd logs from going to "messages" but continue going to /var/log/audit/audit.log and continue being sent to our remote syslog server..

I tried setting /etc/audisp/plugins.d/syslog.conf to "active = no" but that didn't do it.

Can someone tell me how to accomplish this?

Jason

Started 2013-12-20T01:22:41+00:00 by

Jason Greene

Active Contributor 125 points

Responses

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)

Select Your Language

How do I stop audit logs from going to /var/log/messages

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links