<div dir="ltr">
<div>Good morning. I am trying to get the audit logs to be written only to audit.log. Currently they are written to audit.log as well as syslog. Here is my rsyslog.conf file - what am I doing wrong?<br><br></div>
<div>module(load="imfile")<br>
module(load="imklog")<br>
module(load="imjournal")<br><br>
global(net.enableDNS="off" workDirectory=/var/spool/rsyslog" maxMessageSize="128k")<br><br>
$IncludeConfig /etc/rsyslog.d/*.conf<br>
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat<br><br>
##################### rules<br>
audit.* ~/var/log/audit/audit.log<br>
auth.warning;authpriv.info ~/var/log/auth.log<br>
*.*;auth,authpriv.none ~/var/log/syslog<br>
cron.info ~/var/log/cron.log<br>
daemon.info ~/var/log/daemon.log<br>
kern.* ~/var/log/kern.log<br>
user.info ~/var/log/user.log</div>
</div>