On 14/01/21, Aaron Lewis wrote:
> Sorry I mean, kauditd.
>
> I already killed the auditd daemon, only kernel thread is running
>
> On Tue, Jan 21, 2014 at 3:59 PM, Aaron Lewis <[email protected]> wrote:
> > Hi,
> >
> > I'm trying to suppress logs from auditd with sysctl options,
> >
> > So I set kernel.printk to 4 4 4 4
> >
> > And modified KLOGD_OPTIONS to "-x -c 4"
> >
> > Then I restarted syslogd and klogd
> >
> > But I still see auditd logs piling up, anything wrong? auditd is using
> > kernel.notice for sure

It'll be hard to separate the kaudit messages in syslog because they will come through as a kernel type (as opposed to any other type syslog knows how to filter), unless you can filter on "kernel: audit: ", since audit: is a "subtype" of kernel.

> > Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
> Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/

- RGB

--
Richard Guy Briggs <[email protected]>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
