There's a thing that runs on your Fedora server that's auditing everything that happens; this can be great for security. But because of the way it works, it not only logs to the audit file, it also logs to the system log. That's the thing in /var/log/messages that is so useful for working out what's gone wrong when you tried to start up the name server.
The problem is, by the time you look at /var/log/messages to diagnose your nameserver problem, it's full of audit messages, and the ones you want to see have got scrolled up.
So here's what you do.
Edit /etc/rsyslog.conf and add
if $msg contains 'audit' or $programname contains 'audit' then /var/log/myauditlog
if $msg contains 'audit' or $programname contains 'audit' then stop
Then restart the system log with
systemctl restart rsyslog
Hey presto! All the audit logs still go to the myauditlog file, but they don't clutter up the main system log!
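To see what the filter would catch before relying on it, here is an added example (not part of the original post) that models the same condition over constructed log lines in the traditional syslog file format. The function names and sample lines are hypothetical. Because `contains` is a case-sensitive substring match, the rule also diverts a named message that merely mentions "audit".

```shell
#!/bin/sh
# Preview which lines the rule on this page would divert.
# Reads traditional-format syslog lines ("Mon DD HH:MM:SS host tag: msg")
# on stdin and prefixes each with AUDIT (written to /var/log/myauditlog,
# then stopped) or MAIN (carries on to the later rules).
route_preview() {
    awk '{
        prog = $5
        sub(/\[[0-9]+\]:?$/, "", prog)   # drop "[pid]" or "[pid]:"
        sub(/:$/, "", prog)              # drop trailing ":"
        msg = ""
        for (i = 6; i <= NF; i++) msg = msg (i > 6 ? " " : "") $i
        # rsyslog "contains" is a case-sensitive substring match
        if (index(msg, "audit") > 0 || index(prog, "audit") > 0)
            print "AUDIT\t" $0
        else
            print "MAIN\t" $0
    }'
}

# Constructed sample lines (not taken from a real system).
sample_lines() {
    cat <<'EOF'
Mar  3 10:00:01 host1 audit[812]: USER_AUTH pid=812 uid=0 res=success
Mar  3 10:00:02 host1 kernel: audit: type=1400 avc: denied { read }
Mar  3 10:00:03 host1 named[990]: zone example.test/IN: loaded serial 42
Mar  3 10:00:04 host1 named[990]: /etc/named/audit-zones.conf:3: unknown option
Mar  3 10:00:05 host1 sshd[1201]: Accepted publickey for admin
EOF
}

# Count how many sample lines take a given route ($1 = AUDIT or MAIN).
count_route() {
    sample_lines | route_preview | grep -c "^$1"
}

# Show the routing decision for every sample line.
sample_lines | route_preview
```

The preview assumes the two filter lines sit above the rule that writes /var/log/messages, since `stop` only affects rules that come after it. To run it against real data, pipe a copy of /var/log/messages into `route_preview` instead of `sample_lines`.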