I notice that if the auditd service is not running, I see all my audit logs go out on the console. When I start the auditd service, they go to the appropriate log file. Is there a way to turn this off in the kernel?
Below is my auditd.conf file:

log_file = /var/log/audit/audit.log
log_format = RAW
priority_boost = 3
flush = INCREMENTAL
freq = 20
num_logs = 10
max_log_file = 50
max_log_file_action = ROTATE
space_left = 750
space_left_action = SYSLOG
action_mail_acct = root
admin_space_left = 250
admin_space_left_action = SYSLOG
disk_full_action = SYSLOG
dispatcher = /usr/sbin/SnareDispatcher /sbin/auditspd

Ameel Kamboh
SIP Core Network and Security
Phone: 972.685.4922 (esn 445-4922)
Mobile: 978-590-2280
SIP: [EMAIL PROTECTED]
email: [EMAIL PROTECTED]
