sending audit logs only to audit.log via rsyslog

kathy lyons kathy.lyons at zayo.com
Wed May 10 13:43:04 UTC 2023


Good morning.  I am trying to get the audit logs to be written only to
audit.log.  Currently they are written to audit.log as well as syslog.
Here is my rsyslog.conf file - what am I doing wrong?

    module(load="imfile")
    module(load="imklog")
    module(load="imjournal")

    global(net.enableDNS="off" workDirectory=/var/spool/rsyslog" maxMessageSize="128k")

    $IncludeConfig /etc/rsyslog.d/*.conf
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

    ##################### rules
    audit.*                         ~/var/log/audit/audit.log
    auth.warning;authpriv.info      ~/var/log/auth.log
    *.*;auth,authpriv.none          ~/var/log/syslog
    cron.info                       ~/var/log/cron.log
    daemon.info                     ~/var/log/daemon.log
    kern.*                          ~/var/log/kern.log
    user.info                       ~/var/log/user.log