Mailing List Archive

audit logs writing to only audit.log
Good morning. I am trying to get the audit logs to be written only to
audit.log. Currently they are written to audit.log as well as syslog.
Here is my rsyslog.conf file - what am I doing wrong?

module(load="imfile")
module(load="imklog")
module(load="imjournal")

global(net.enableDNS="off" workDirectory="/var/spool/rsyslog"
maxMessageSize="128k")

$IncludeConfig /etc/rsyslog.d/*.conf
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

##################### rules
audit.* ~/var/log/audit/audit.log
auth.warning;authpriv.info ~/var/log/auth.log
*.*;auth,authpriv.none ~/var/log/syslog
cron.info ~/var/log/cron.log
daemon.info ~/var/log/daemon.log
kern.* ~/var/log/kern.log
user.info ~/var/log/user.log
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: audit logs writing to only audit.log
> *.*;auth,authpriv.none ~/var/log/syslog

That line writes everything to /var/log/syslog



> On May 10, 2023, at 08:42, kathy lyons via rsyslog <rsyslog@lists.adiscon.com> wrote:
>
> Good morning. I am trying to get the audit logs to be written only to
> audit.log. Currently they are written to audit.log as well as syslog.
> Here is my rsyslog.conf file - what am I doing wrong?
>
> module(load="imfile")
> module(load="imklog")
> module(load="imjournal")
>
> global(net.enableDNS="off" workDirectory="/var/spool/rsyslog"
> maxMessageSize="128k")
>
> $IncludeConfig /etc/rsyslog.d/*.conf
> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>
> ##################### rules
> audit.* ~/var/log/audit/audit.log
> auth.warning;authpriv.info ~/var/log/auth.log
> *.*;auth,authpriv.none ~/var/log/syslog
> cron.info ~/var/log/cron.log
> daemon.info ~/var/log/daemon.log
> kern.* ~/var/log/kern.log
> user.info ~/var/log/user.log

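
Added example, not part of the thread and not rsyslog's own code: a simplified Python model of traditional `facility.priority` selector matching, run over the rule lines from the posted configuration, showing why an `audit` message is selected by both the audit rule and the `*.*` catch-all. It assumes the facility name `audit` as the post writes it, treats the action field as an opaque string copied as posted, and the `ADJUSTED` variant (adding `audit` to the existing `none` exclusion) is an assumption for illustration.

```python
# Simplified model of traditional syslog selector matching (facility.priority;...).
# Not rsyslog's parser: no '=' or '!' modifiers, no property filters, no RainerScript.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selector, facility, severity):
    """Return True if a message with this facility/severity is selected."""
    level = SEVERITIES.index(severity)
    matched = False
    for part in selector.split(";"):
        facilities, _, priority = part.partition(".")
        names = facilities.split(",")
        if "*" not in names and facility not in names:
            continue  # this part says nothing about our facility
        if priority == "none":
            matched = False  # explicit exclusion overrides earlier parts
        elif priority == "*":
            matched = True
        else:
            # a plain priority selects that severity and anything more severe
            matched = level <= SEVERITIES.index(priority)
    return matched

def destinations(rules, facility, severity):
    """List the action field of every rule that selects the message."""
    hits = []
    for line in rules.strip().splitlines():
        selector, action = line.split(None, 1)
        if selector_matches(selector, facility, severity):
            hits.append(action)
    return hits

# Rule lines copied from the posted rsyslog.conf.
POSTED = """
audit.* ~/var/log/audit/audit.log
auth.warning;authpriv.info ~/var/log/auth.log
*.*;auth,authpriv.none ~/var/log/syslog
cron.info ~/var/log/cron.log
daemon.info ~/var/log/daemon.log
kern.* ~/var/log/kern.log
user.info ~/var/log/user.log
"""

# Assumed variant: the catch-all also excludes the audit facility.
ADJUSTED = POSTED.replace("*.*;auth,authpriv.none", "*.*;auth,authpriv,audit.none")

if __name__ == "__main__":
    print(destinations(POSTED, "audit", "info"))
    print(destinations(ADJUSTED, "audit", "info"))
```
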