How do I stop audit logs from going to /var/log/messages
Currently we have auditd turned on and events are getting sent to /var/log/messages as well as /var/log/audit/audit.log
All our logs go to a central syslog server also...
Having said that we would like to stop the auditd logs from going to "messages" but continue going to /var/log/audit/audit.log and continue being sent to our remote syslog server..
I tried setting /etc/audisp/plugins.d/syslog.conf to "active = no" but that didn't do it.
Can someone tell me how to accomplish this?