You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register
Note!! Please register for a free account to access the full content and also to participate in Q&A in the community

Oracle Linux: audit Logs are Also Going to /var/log/messages

in Linux

Applies To:

Oracle Cloud Infrastructure - Version N/A and later

Linux x86-64

Symptoms:

/var/log/messages file significantly increase in size and mostly contain the audit service logs. The standard audit log is also populated with the same messages, but there is no apparent reason for the audit logs to be going into /var/log/messages. The /etc/rsyslog.conf file does not contain any abnormal configuration that would justify the audit logs going into /var/log/messages:

*.info;mail.none;authpriv.none;cron.none     /var/log/messages

Cause:

In this particular case, there is a separate drop-in configuration file under /etc/rsyslog.d/ , where the audit log is being read for logging and categorized as local6.info:

Tagged:

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!