Silencing auditd in fedora22
dwoody5654
dwoody5654 at gmail.com
Sun Jul 19 02:49:49 UTC 2015
On 07/18/2015 06:08 PM, Alex wrote:
> Hi,
> Since upgrading from fedora22, auditd is drowning /var/log/messages
> with useless information such as this:
>
> Jul 18 19:02:19 orion audit: <audit-2404> pid=6002 uid=0
> auid=4294967295 ses=4294967295 msg='op=destroy kind=server
> fp=SHA256:b5:7b:76:df:38:16:f3:f5:cd:2f:67:54:9a:2e:68:15:ae:9c:40:50:4f:6d:81:43:0d:54:bd:e2:c5:a0:43:7f
> direction=? spid=6002 suid=0 exe="/usr/sbin/sshd" hostname=?
> addr=64.1.XX.18 terminal=? res=success'
>
> I've enabled rsyslog because the logs are so much easier to access,
> but I'm not using auditd so would like to just turn it off.
In another thread some one said they added audit=0 to grub.cfg and rebooted.
I have done the same about a week ago with no apparent problems.
You can also use the command:
autditctl -e 0
to turn it off for current running kernel.
David
> Ideas for using journalctl to show me the following would be appreciated:
>
> - start at the end of the log
> - use shortened hostname
> - shows only info in the former /var/log/maillog or /var/log/messages
> - piped through a searchable pager
>
> Typing "less /var/log/maillog" requires far less typing, more easily
> remembered, and is easily searchable.
>
> Thanks,
> Alex
More information about the users
mailing list