Sort of a followup question. I'm surprised adding "audit.none" to the "/var/log/messages" line of rsyslog.conf (RHEL 6) works. I didn't think audit was a full "facility" in whatever rsyslog looks at. Am I more confused than normal?

Thanks!

Leam


On Tue, Oct 4, 2016 at 10:36 AM, Steve Grubb <sgrubb@redhat.com> wrote:
On Tuesday, October 4, 2016 10:10:31 AM EDT leam hall wrote:
> For /etc/audisp/plugins.d/syslog.conf, is "LOG_WARN" an accpeted arg, or
> does it need to be "LOG_WARNING"?

LOG_WARNING.

https://fedorahosted.org/audit/browser/trunk/audisp/audispd-builtins.c#L279

-Steve



--
Mind on a Mission