This blog is a quick walkthrough of setting up the centrifydc.conf file to reduce AUDIT_TRAIL trace events in the logs.
By the end of this guide you will be familiar with the process and the steps to achieve this task. A few things before we move forward:
- Q: What is AUDIT_TRAIL?
- A: It is a log for every action on the server. We can track security-relevant events, record the events in a log file, and detect misuse or unauthorized activities by inspecting the audit log files.
For more details about AUDIT_TRAIL events, please check our product documentation guide: centrify-audit-events-guide.pdf

Before we implement or modify anything, we will see a lot of AUDIT_TRAIL traces being generated in both centrifydc.log and the messages log. See attached images below.

[Images: /var/log/messages and /var/log/centrifydc.log]

In order to reduce the logging of INFO AUDIT_TRAIL, please follow the steps below.

STEP 1: Check what the logging level is in the centrifydc.conf file. By default, it should be shown as INFO, or DEBUG (only when you enable addebug on).

STEP 2: Run grep "log.client.audittrail" against centrifydc.conf in your Linux terminal. log.client.audittrail is an unshipped parameter, so you should not see anything returned, just like the attached image above.

STEP 3: Add the log.client.audittrail parameter with value WARN in the centrifydc.conf file.

STEP 4: Save the file and run adreload. Use the tail command to confirm whether any AUDIT_TRAIL traces are still showing in the log.

Before following the required steps, it is easy to tail the AUDIT_TRAIL trace.
After following the required steps, we will be able to see the tremendous improvement.
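
Steps 2 to 4 can be scripted so the change is repeatable across hosts. The following is an added example, not Centrify tooling: the function names are hypothetical, the file paths are passed in as arguments, and it assumes centrifydc.conf entries are written as "name: value" lines.

```shell
#!/bin/sh
# Added example, not Centrify tooling. Paths are passed in as arguments.
# Assumes centrifydc.conf entries are "name: value" lines.

PARAM='log.client.audittrail'
PARAM_RE='log\.client\.audittrail'   # same name, dots escaped for regex use

# get_audittrail_level CONF: print the active (uncommented) value, if any.
get_audittrail_level() {
    sed -n "s/^[[:space:]]*${PARAM_RE}[[:space:]]*:[[:space:]]*//p" "$1" | tail -n 1
}

# set_audittrail_level CONF LEVEL: keep CONF.bak, then replace an existing
# active setting or append one. Commented-out lines are left untouched.
set_audittrail_level() {
    conf=$1
    level=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    if grep -q "^[[:space:]]*${PARAM_RE}[[:space:]]*:" "$conf"; then
        # Already set: rewrite the value in place (same inode, same mode).
        sed "s/^[[:space:]]*${PARAM_RE}[[:space:]]*:.*/${PARAM}: ${level}/" \
            "$conf.bak" > "$conf"
    else
        # Absent: make sure the file ends with a newline, then append.
        if [ -n "$(tail -c 1 "$conf")" ]; then echo >> "$conf"; fi
        printf '%s: %s\n' "$PARAM" "$level" >> "$conf"
    fi
}

# count_audit_trail LOG: number of AUDIT_TRAIL lines, for before/after checks.
count_audit_trail() {
    grep -c 'AUDIT_TRAIL' "$1" || true
}

# Typical use on a host (run as root, then reload with adreload):
#   set_audittrail_level <path to centrifydc.conf> WARN && adreload
#   count_audit_trail /var/log/centrifydc.log
```

Recording the count_audit_trail result before and after the reload gives a number to compare instead of eyeballing tail output.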