Configuring 'auditd' service to not store the audit logs in /var partition

Hello all,

I've configured the 'audit' service to send the audit logs to a remote log server (by using the syslog plugin), which is working fine.

However, there is a problem. The audit service also tries to write the same information (but in binary format) in the /var/audit path.

So, is there any way to stop the audit service from storing the log files in the /var partition and instead only use syslog to send the information to the remote host?

Thanks,

Maybe try changing

dir:/var/audit

to

dir:

in /etc/security/audit_control, then restart the audit daemon (or the server).

Thank you bartus,

I'll check on this, and I'll be back to update the result.

Thanks,

---------- Post updated 02-15-14 at 01:37 PM ---------- Previous update was 02-14-14 at 07:16 PM ----------

Thank you again, it worked fine :)
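
A check for the change suggested in the reply above, as an added example that is not code from any poster in this thread: it confirms the file has no local `dir:` path left and that a syslog plugin line is still present, so audit records are not silently dropped. The function names are hypothetical, and the `plugin:` line and the other settings in the sample are constructed assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): summarize where an audit_control
# file sends audit records. Output: "local=<count> syslog=<yes|no>".
audit_destinations() {
    awk '
        /^[ \t]*#/ { next }                    # ignore comment lines
        /^[ \t]*dir:/ {
            sub(/^[ \t]*dir:[ \t]*/, "")       # keep only the value
            sub(/[ \t]+$/, "")
            if ($0 != "") ndirs++              # bare "dir:" means no local trail
            next
        }
        # Assumption: the syslog plugin appears on a "plugin:" line.
        /^[ \t]*plugin:/ && /syslog/ { has_syslog = 1 }
        END { printf "local=%d syslog=%s\n", ndirs, (has_syslog ? "yes" : "no") }
    ' "$1"
}

# Exit status: 0 = remote only, 1 = local trail still set, 2 = records go nowhere.
check_remote_only() {
    result=$(audit_destinations "$1")
    case "$result" in
        "local=0 syslog=yes") echo "OK: syslog only ($result)"; return 0 ;;
        "local=0 syslog=no")  echo "FAIL: no audit destination left ($result)"; return 2 ;;
        *)                    echo "WARN: local trail still configured ($result)"; return 1 ;;
    esac
}

# Constructed sample input; on a real host pass /etc/security/audit_control.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dir:
flags:lo
minfree:20
naflags:lo
plugin: name=audit_syslog.so; p_flags=lo
EOF
check_remote_only "$sample"
rm -f "$sample"
```

With no local trail, the remote log server holds the only copy of the audit records, so the exit status 2 case (no destination at all) is the one to alert on.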