How do I stop audit logs from going to /var/log/messages

Currently we have auditd turned on, and events are getting sent to /var/log/messages as well as /var/log/audit/audit.log.

All our logs go to a central syslog server also...

Having said that, we would like to stop the auditd logs from going to "messages" but continue going to /var/log/audit/audit.log and continue being sent to our remote syslog server.

I tried setting /etc/audisp/plugins.d/syslog.conf to "active = no" but that didn't do it.

Can someone tell me how to accomplish this?

  • Jason

Responses