Hey Ryan,
If I put "audit.none" in /etc/rsyslog.conf for the /var/log/messages line,
it prevents audisp from logging there even though audisp to syslog is
turned on.
Our end state is pretty simple, in theory. We want to have 1 copy of audit
events on the system for auditing and send a remote copy elsewhere.
On Tue, Oct 4, 2016 at 11:04 AM, Ryan Sawhill <rsawhill(a)redhat.com> wrote:
On Tue, Oct 4, 2016 at 10:58 AM, leam hall <leamhall(a)gmail.com> wrote:
> Sort of a followup question. I'm surprised adding "audit.none" to the
> "/var/log/messages" line of rsyslog.conf (RHEL 6) works. I didn't think
> audit was a full "facility" in whatever rsyslog looks at. Am I more
> confused than normal?
>
It's not. If you look at your main log you should see a message from
rsyslogd saying something like "unknown facility 'audit'".
--
Mind on a Mission <http://leamhall.blogspot.com/>