The Geek Diary

How to Stop Audit Log Entries Written to System Logs in CentOS/RHEL 6

By admin

This post explains how to stop audit log entries from being written to the system log (/var/log/messages).

1. Check the file “/etc/audisp/plugins.d/syslog.conf”. By default, it contains the line below.

args = LOG_INFO

This allows syslog to write audit events to /var/log/messages. In addition, auditd logs all audit events to /var/log/audit/audit.log, and this is the file normally used to check audit events.

2. Duplicating the entries in /var/log/messages is not required; it unnecessarily increases the file size and scatters the other kernel-related events. To avoid this, follow the steps below.

Change the entry in “/etc/audisp/plugins.d/syslog.conf” as shown below, so that audit events are sent to syslog with the local0 facility, which the next step excludes from /var/log/messages.

From:

args = LOG_INFO

to:

args = LOG_LOCAL0

3. Then change the entry in “/etc/rsyslog.conf” as shown below.

From:

*.info;mail.none;authpriv.none;cron.none /var/log/messages

to:

*.info;mail.none;authpriv.none;cron.none;local0.none /var/log/messages

4. Then restart the auditd and rsyslog services.

# service auditd restart
# service rsyslog restart

After this change, auditd logs audit events only to /var/log/audit/audit.log and not to /var/log/messages.
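
The script below is an added example, not part of the original post: it applies the edits from steps 2 and 3 so that they are safe to re-run, and checks that no rule for /var/log/messages still accepts the local0 facility. The function names and the ROOT prefix argument are hypothetical, and the sample files in demo are constructed.

```shell
#!/bin/bash
# Added example (not from the original post). ROOT is a hypothetical prefix
# argument so the edits can be rehearsed on copies; empty ROOT = the live /etc.

apply_split() {
    root="${1:-}"
    plugin="$root/etc/audisp/plugins.d/syslog.conf"
    rsyslog="$root/etc/rsyslog.conf"
    [ -f "$plugin" ] && [ -f "$rsyslog" ] || { echo "config file missing" >&2; return 1; }
    # .bak holds each file as it was before this run; the originals are then
    # rewritten in place from the backups (same inode, owner and mode).
    cp -p "$plugin" "$plugin.bak" && cp -p "$rsyslog" "$rsyslog.bak" || return 1
    # Step 2: args = LOG_INFO  ->  args = LOG_LOCAL0
    sed 's/^args[[:space:]]*=[[:space:]]*LOG_INFO[[:space:]]*$/args = LOG_LOCAL0/' \
        "$plugin.bak" > "$plugin" || return 1
    # Step 3: add ;local0.none to the selector of each active rule that writes
    # to /var/log/messages, unless it is already present (safe to re-run).
    sed '\%^[^#].*[[:space:]]-*/var/log/messages[[:space:]]*$%{/local0\.none/!s/^\([^[:space:]]*\)/\1;local0.none/;}' \
        "$rsyslog.bak" > "$rsyslog"
}

check_split() {
    root="${1:-}"
    grep -Eq '^args[[:space:]]*=[[:space:]]*LOG_LOCAL0' \
        "$root/etc/audisp/plugins.d/syslog.conf" || return 1
    # Fail if any active rule for /var/log/messages still lacks local0.none.
    ! grep -E '^[^#].*[[:space:]]-?/var/log/messages[[:space:]]*$' \
        "$root/etc/rsyslog.conf" | grep -vq 'local0\.none'
}

# Rehearsal on constructed sample files in a temp dir: "$0 --demo"
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/audisp/plugins.d"
    printf 'active = yes\nargs = LOG_INFO\n' > "$d/etc/audisp/plugins.d/syslog.conf"
    printf '%s\n' '*.info;mail.none;authpriv.none;cron.none /var/log/messages' \
        'authpriv.* /var/log/secure' > "$d/etc/rsyslog.conf"
    apply_split "$d" && apply_split "$d" && check_split "$d" && cat "$d/etc/rsyslog.conf"
    rc=$?; rm -rf "$d"; return $rc
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Calling apply_split with no argument edits the live files; the service restarts from step 4 are still needed afterwards.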

Filed Under: CentOS/RHEL 6, Fedora, Linux

© 2021 · The Geek Diary