What does audisp/plugins.d/syslog.conf LOG_WARN not show?
Steve Grubb
sgrubb at redhat.com
Thu May 3 20:39:11 UTC 2018
On Thursday, March 22, 2018 3:08:23 PM EDT leam hall wrote:
> (RHEL 6, default audit rpms)
>
> We're trying to cut down on spurious logging but have some logging
> mandated (STIG environment). If the syslog.conf file in
> audisp/plugins.d/syslog.conf is set with "args = LOG_WARN", will the
> events in audit.rules still be logged?
A little late...but I don't see any answer. It depends on what you have for
/etc/rsyslog.conf. Look for the line containing /var/log/messages and see
what you have. By default, it logs info messages and higher.
-Steve
More information about the Linux-audit
mailing list