26 Oct
2016
26 Oct
'16
11:18 p.m.
m.roth-x6lchVBUigD1P9xLtpHBDw wrote:
why /var/log/messages is getting flooded with Oct 26 11:01:06 <servername> kernel: type=1105 audit (1477494066.569:642430): pid=108551 uid=0
[...]
Is your auditd service running? I believe I've seen cases where auditd was not running, leading to audit-stuff showing up in /var/log/messages
--
Regards,
Troels Arvin