[rsyslog-notify] Forum Thread: Why are all my logs going to /var/log/audit/audit.log - (Mode 'post')
noreply at adiscon.com
Wed Feb 24 22:21:25 CET 2016
User: reswob
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26369#p26369
Message:
----------
I'm running v8.16 and it's running as root. Below is my config.
#Modules
module(load="imuxsock")
module(load="imklog")
module(load="imudp")
input(type="imudp" port="514")
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
# Feeds
if $msg contains 'event1' then /var/log/specialservers.log
& stop
if $programname startswith 'CEF' then /var/log/cef.log
& stop
if ($programname == 'named' or $msg contains '%DNSSERVER') then
/var/log/dns.log
& stop
....
if $hostname startswith '10.10.' then /var/log/cleanup.log #catchall
*.info;mail.none;authpriv.none;cron.none /var/log/messages
<other rules for local logging>
The problem is that when I start rsyslog via /etc/init.d/rsyslogd,
everything is being sent to /var/log/audit/audit.log,
but when I start the daemon via the CLI, it logs in the places configured
in the /etc/rsyslog.conf file.
Some googling suggested that I needed to turn off audit in the grub.conf,
but I don't have any settings for audit in my grub.conf
Any other suggestions?