The audit logs record each time a file is read or written or otherwise modified. This can be a security requirement at a site. This requirement is not typical. Disabling audit logging will reduce the traffic to the primary operating system disks and reduce the possibilities of filling the /var filesystem.
Update /etc/audit/audit.rules as root and restart auditd.
Find the section similar to:
# /dev/shm/var/lib/solera -A exit,never -F arch=b64 -F dir=/dev/shm/var/lib/solera
# /pfs -A exit,never -F arch=b64 -F dir=/pfs
Add the following lines
# Exclude all files in /var/lib/solera -A exit,never -F arch=b64 -F dir=/var/lib/solera
Restart auditd and syslog-ng with:
service auditd restart;service syslog-ng restart
The /var/log/audit/audit.log will be rotated and start with an empty file.
Imported Document ID: 000024111
Subscribing will provide email updates when this Article is updated. Login is required.