Good morning. I am trying to get the audit logs to be written only to
audit.log. Currently they are written to audit.log as well as syslog.
Here is my rsyslog.conf file - what a I doing wrong?
module(load="imfile")
module(load="imklog")
module(load="imjournal")
global(net.enableDNS="off" workDirectory=/var/spool/rsyslog"
maxMessageSize="128k")
$IncludeConfig /etc/rsyslog.d/*.conf
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
##################### rules
audit.* ~/var/log/audit/audit.log
auth.warning;authpriv.info ~/var/log/auth.log
*.*;auth,authpriv.none ~/var/log/syslog
cron.info ~/var/log/cron.log
daemon.info ~/var/log/daemon.log
kern.* ~/var/log/kern.log
user.info ~/var/log/user.log
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
