Silencing auditd in fedora22

Alex mysqlstudent at gmail.com
Sat Jul 18 23:08:20 UTC 2015


Hi,
Since upgrading from fedora22, auditd is drowning /var/log/messages
with useless information such as this:

Jul 18 19:02:19 orion audit: <audit-2404> pid=6002 uid=0
auid=4294967295 ses=4294967295 msg='op=destroy kind=server
fp=SHA256:b5:7b:76:df:38:16:f3:f5:cd:2f:67:54:9a:2e:68:15:ae:9c:40:50:4f:6d:81:43:0d:54:bd:e2:c5:a0:43:7f
direction=? spid=6002 suid=0  exe="/usr/sbin/sshd" hostname=?
addr=64.1.XX.18 terminal=? res=success'

I've enabled rsyslog because the logs are so much easier to access,
but I'm not using auditd so would like to just turn it off.

Ideas for using journalctl to show me the following would be appreciated:

- start at the end of the log
- use shortened hostname
- show only info in the former /var/log/maillog or /var/log/messages
- piped through a searchable pager

Typing "less /var/log/maillog" requires far less typing, is more easily
remembered, and is easily searchable.

Thanks,
Alex

