On Tue, Oct 4, 2016 at 10:58 AM, leam hall <[email protected]> wrote:
> Sort of a followup question. I'm surprised adding "audit.none" to the > "/var/log/messages" line of rsyslog.conf (RHEL 6) works. I didn't think > audit was a full "facility" in whatever rsyslog looks at. Am I more > confused than normal? > It's not. If you look at your main log you should see a message from rsyslogd saying something like "unknown facility 'audit'".
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
