
I have set up certain audit rules; however, the audit log is filling up with unnecessary events which I don't want to log. Is there any way that auditd will log only defined rule-based logs?

OS: RHEL 7.3

1 Answer


Please be more specific about which kind of unwanted entries you are seeing.

In case SELinux is turned on, it might be the reason for the entries.

hargut
  • SELinux is in permissive mode. However, I am trying to exclude all events from the audit log except the rules which I have configured. For example, I have not configured any rule for service start-stop events, but I am getting events in audit logs for each service start and stop command. – Mohit Singhal Oct 19 '18 at 05:42
  • @MohitSinghal The question came up in a similar form over here: https://serverfault.com/questions/954264/reducing-the-verbosity-of-auditd-my-minimal-rules-catch-stuff-they-should-not/954291#954291 – hargut Apr 28 '19 at 09:39
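
One way to pin down which entries are unwanted, as an added example that is not part of the original answer or comments: the Python sketch below groups audit.log records into events and separates events that carry a rule key from events with none, such as the service start/stop and SELinux AVC records discussed above. It assumes every configured rule was given a key with `-k`; the log lines and the key name `passwd_watch` are constructed samples.

```python
import re
from collections import Counter, defaultdict

# Constructed sample records in audit.log format (not taken from the page).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1539927700.101:201): arch=c000003e syscall=2 success=yes pid=2211 auid=1000 comm="vi" exe="/usr/bin/vi" key="passwd_watch"
type=CWD msg=audit(1539927700.101:201): cwd="/root"
type=PATH msg=audit(1539927700.101:201): item=0 name="/etc/passwd" nametype=NORMAL
type=SERVICE_START msg=audit(1539927720.555:202): pid=1 uid=0 auid=4294967295 msg='unit=httpd comm="systemd" exe="/usr/lib/systemd/systemd" res=success'
type=SERVICE_STOP msg=audit(1539927731.002:203): pid=1 uid=0 auid=4294967295 msg='unit=httpd comm="systemd" exe="/usr/lib/systemd/systemd" res=success'
type=AVC msg=audit(1539927740.310:204): avc:  denied  { read } for  pid=2301 comm="httpd" name="index.html" tclass=file permissive=1
type=SYSCALL msg=audit(1539927740.310:204): arch=c000003e syscall=2 success=yes pid=2301 auid=4294967295 comm="httpd" exe="/usr/sbin/httpd" key=(null)
"""

# Record header: type, timestamp and serial; records of one event share both.
RECORD = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):')
# A rule key appears as key="name"; records matched by no keyed rule show key=(null).
KEY = re.compile(r'\bkey=(?:"([^"]+)"|(\S+))')

def classify(log_text):
    """Return (events per rule key, events without any key by first record type)."""
    events = defaultdict(lambda: {"types": [], "keys": set()})
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue
        ev = events[(m.group(2), m.group(3))]
        ev["types"].append(m.group(1))
        k = KEY.search(line)
        if k and k.group(1):          # quoted key only; (null) is ignored
            ev["keys"].add(k.group(1))
    by_rule, unkeyed = Counter(), Counter()
    for ev in events.values():
        if ev["keys"]:
            by_rule.update(ev["keys"])
        else:
            # Assumption: all configured rules use -k, so no key means no rule.
            unkeyed[ev["types"][0]] += 1
    return by_rule, unkeyed

if __name__ == "__main__":
    by_rule, unkeyed = classify(SAMPLE_LOG)
    print("events matched by keyed rules:", dict(by_rule))
    print("events with no rule key:", dict(unkeyed))
```

The record types in the second tally are the concrete answer to "which kind of unwanted entries": they are emitted by components such as systemd and SELinux rather than by the configured rules.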