"write_logs = no" not working
Steve Grubb
sgrubb at redhat.com
Mon Mar 6 13:34:59 UTC 2017
On Sun, 5 Mar 2017 20:38:51 -0600
Ian Pilcher <arequipeno at gmail.com> wrote:
> I have a Banana Pi-based firewall system, which runs off a micro-SD
> card and sends all of its logs (including audit events) to a syslog
> server.
>
> I have set "write_logs = no" in /etc/audit/auditd.conf, but the local
> log file is still being written. (Commenting out the log_file line
> causes auditd to abort.)
>
> What do I need to do to disable writing the local file?
>
> (This is audit 2.6.5 on CentOS 7.)
There was a z-stream audit package shipped last week that fixes this. I
suspect it hasn't worked its way through Centos just yet. You can pick
up the srpm in koji if you're in a hurry.
-Steve
More information about the Linux-audit
mailing list