Note!! Please register for a free account to access the full content and also to participate in Q&A in the community
Oracle Linux: audit Logs are Also Going to /var/log/messages
in Linux
Applies To:
Oracle Cloud Infrastructure - Version N/A and later
Linux x86-64
Symptoms:
/var/log/messages file significantly increase in size and mostly contain the audit service logs. The standard audit log is also populated with the same messages, but there is no apparent reason for the audit logs to be going into /var/log/messages. The /etc/rsyslog.conf file does not contain any abnormal configuration that would justify the audit logs going into /var/log/messages:
*.info;mail.none;authpriv.none;cron.none /var/log/messages
Cause:
In this particular case, there is a separate drop-in configuration file under /etc/rsyslog.d/ , where the audit log is being read for logging and categorized as local6.info:
Tagged:
0