On 07/18/2015 06:08 PM, Alex wrote:
Hi, Since upgrading from fedora22, auditd is drowning /var/log/messages with useless information such as this: Jul 18 19:02:19 orion audit: <audit-2404> pid=6002 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=SHA256:b5:7b:76:df:38:16:f3:f5:cd:2f:67:54:9a:2e:68:15:ae:9c:40:50:4f:6d:81:43:0d:54:bd:e2:c5:a0:43:7f direction=? spid=6002 suid=0 exe="/usr/sbin/sshd" hostname=? addr=64.1.XX.18 terminal=? res=success' I've enabled rsyslog because the logs are so much easier to access, but I'm not using auditd so would like to just turn it off.
In another thread some one said they added audit=0 to grub.cfg and rebooted. I have done the same about a week ago with no apparent problems. You can also use the command: autditctl -e 0 to turn it off for current running kernel. David
Ideas for using journalctl to show me the following would be appreciated: - start at the end of the log - use shortened hostname - shows only info in the former /var/log/maillog or /var/log/messages - piped through a searchable pager Typing "less /var/log/maillog" requires far less typing, more easily remembered, and is easily searchable. Thanks, Alex
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
