Audit messages on console & in logwatch
Steve Grubb
sgrubb at redhat.com
Thu Jun 30 12:31:22 UTC 2005
On Thursday 30 June 2005 08:03, David D. Hagood wrote:
> Logging everything is good, but needlessly bothering root about trivial
> stuff just buries the important messages in the noise.
This is required for CAPP compliant auditing. We are logging only the minimum.
There will probably be a default set of rules distributed with the audit
package that can be installed by the admin to increase the amount of
information collected.
Also, if you truly do not want to keep audit messages, you can minimize the
disk space used by editing /etc/auditd.conf and setting max_log_file to 1 and
num_logs = 2. This will occupy 2 MB of disk space.
-Steve
More information about the fedora-test-list
mailing list