Red Hat Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

  • Comments
    • Tags

    How to stop audit logs from going to messages logs

    Posted on

    Hi,

    Audit logs are stored in a separate device and 

    rsyslog.conf
    is updated to send logs to remote server like below

    #audit log
$ModLoad imfile
$InputFileName /var/log/audit/audit.log
$InputFileTag tag_audit_log:
$InputFileStateFile audit_log
$InputFileSeverity info
$InputFileFacility local6
$InputRunFileMonitor
local6.*                                                @@IP:514

    Post this audit logs got updated in 

    /var/log/messages
    apart from 
    audit.log
    file, to stop this I added the below entry in 
    rsyslog.conf
     

    *.info;mail.none;authpriv.none;cron.none;local6.!info;audispd.!info       /var/log/messages

    Post restarting rsyslog.conf none of the logs in 

    /var/log
    is getting updated.

    Which is the correct one to avoid audit logs to be sent to messages logs and allow other logs to get updated.

    Thanks
    Iyappan V

    by

    points

    Responses

    Red Hat LinkedIn YouTube Facebook X, formerly Twitter

    Quick Links

    Help

    Site Info

    Related Sites

    © 2026 Red Hat