Good morning. I am trying to get the audit logs to be written only to
audit.log. Currently they are written to audit.log as well as syslog.
Here is my rsyslog.conf file - what am I doing wrong?
module(load="imfile")
module(load="imklog")
module(load="imjournal")
global(net.enableDNS="off" workDirectory=/var/spool/rsyslog"
maxMessageSize="128k")
$IncludeConfig /etc/rsyslog.d/*.conf
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
##################### rules
audit.* ~/var/log/audit/audit.log
auth.warning;authpriv.info ~/var/log/auth.log
*.*;auth,authpriv.none ~/var/log/syslog
cron.info ~/var/log/cron.log
daemon.info ~/var/log/daemon.log
kern.* ~/var/log/kern.log
user.info ~/var/log/user.log
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
