On 7/18/2015 7:08 PM, Alex wrote:
Hi,

Since upgrading from fedora22, auditd is drowning /var/log/messages with useless information such as this:

Jul 18 19:02:19 orion audit: <audit-2404> pid=6002 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=SHA256:b5:7b:76:df:38:16:f3:f5:cd:2f:67:54:9a:2e:68:15:ae:9c:40:50:4f:6d:81:43:0d:54:bd:e2:c5:a0:43:7f direction=? spid=6002 suid=0 exe="/usr/sbin/sshd" hostname=? addr=64.1.XX.18 terminal=? res=success'

I've enabled rsyslog because the logs are so much easier to access, but I'm not using auditd so would like to just turn it off.

/etc/rsyslog.conf

BEFORE:

    *.info;mail.none;authpriv.none;cron.none                /var/log/messages

add:

    if $programname == 'audit' then {
        action(type="omfile" file="/var/log/kernel.audit.log")
        # if $syslogseverity >= 4 then stop    # warning
        if $syslogseverity >= 5 then stop      # notice
        # if $syslogseverity >= 6 then stop    # info
    }

/etc/logrotate.d/syslog

add:

    /var/log/kernel.audit.log

Ideas for using journalctl to show me the following would be appreciated:

- start at the end of the log
- use shortened hostname
- shows only info in the former /var/log/maillog or /var/log/messages
- piped through a searchable pager

Typing "less /var/log/maillog" requires far less typing, more easily remembered, and is easily searchable.

Even easier:

    alias fmail='/usr/bin/tail -f /var/log/maillog'
    alias lmail='/usr/bin/less /var/log/maillog'

Now try:

    fmail
    lmail

Add the aliases to ~/.bashrc to always have them available.

Thanks, Alex

Bill
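
The rule order in the rsyslog.conf snippet above, modelled as an added example (not part of the original thread and not rsyslog code): it shows which file each message reaches when the audit block sits before the /var/log/messages selector. The sample messages, their facilities and severities, and the names route and demo are constructed for illustration.

```python
# Constructed model of the rule order in the reply above; this is not rsyslog code.
AUDIT_LOG = "/var/log/kernel.audit.log"
MESSAGES = "/var/log/messages"
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
EXCLUDED = {"mail", "authpriv", "cron"}  # the *.none entries of the selector


def route(programname, facility, severity, stop_at=5):
    """Return the files one message is written to, in rule order."""
    sev = SEVERITY[severity]
    written = []
    if programname == "audit":
        # action(type="omfile" ...) comes first, so every audit message is kept here.
        written.append(AUDIT_LOG)
        # "if $syslogseverity >= N then stop": larger numbers are less severe.
        if sev >= stop_at:
            return written
    # *.info;mail.none;authpriv.none;cron.none  /var/log/messages
    if sev <= SEVERITY["info"] and facility not in EXCLUDED:
        written.append(MESSAGES)
    return written


# Constructed sample messages: (programname, facility, severity).
SAMPLES = [
    ("audit", "user", "notice"),
    ("audit", "user", "warning"),
    ("sshd", "authpriv", "info"),
    ("kernel", "kern", "info"),
]


def demo(stop_at=5):
    """Map each sample to its destinations for a given stop threshold."""
    return {s: route(*s, stop_at=stop_at) for s in SAMPLES}


if __name__ == "__main__":
    for threshold in (4, 5, 6):  # the three variants in the reply; 5 is the active one
        print("stop at severity >=", threshold)
        for sample, files in demo(threshold).items():
            print("   ", sample, "->", files or ["(not written by these rules)"])
```

With the active threshold of 5, audit messages at warning or worse are still copied to /var/log/messages, while notice and below stay only in the separate audit file.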