All, After enabling the syslog plugin for audispd and sending logs to a remote server I am seeing every event being written to /var/log/messages locally which is filling up /var.
This is all redundant since local audit logs are kept in /var/log/audit. Is there a way to prevent auditd syslog plugin from writing to /var/log/messages? Thanks, Kevin
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
