
[HOWTO] reduce the logging of INFO AUDIT_TRAIL?

28 June,19 at 07:50 PM

This blog is a quick walkthrough of setting up the centrifydc.conf file to reduce AUDIT_TRAIL trace events in the logs.
By the end of this guide you will be familiar with the process and the steps needed to achieve this task.


A few things before we move forward:
  • Q: What is AUDIT_TRAIL?
  • A: It is a log for every action on the server. We can track security-relevant events, record the events in a log file, and detect misuse or unauthorized activities by inspecting the audit log files.
For more details about AUDIT_TRAIL event, please check our product documentation guide: centrify-audit-events-guide.pdf

Before we implement or modify anything, a lot of AUDIT_TRAIL traces are generated in both centrifydc.log and the messages log. See the attached images below.

[Screenshot: /var/log/messages]

[Screenshot: /var/log/centrifydc.log]

To reduce the logging of INFO AUDIT_TRAIL, follow the steps below.

STEP 1:
Check the logging level in the centrifydc.conf file. By default, it should be shown as INFO, or as DEBUG only when you have enabled addebug on.

STEP 2:
Run grep "log.client.audittrail" /etc/centrifydc/centrifydc.conf in your Linux terminal.

Note: log.client.audittrail is an unshipped parameter, so you should not see anything returned.

STEP 3:
Add the log.client.audittrail parameter with the value WARN to the centrifydc.conf file.

STEP 4:
Save the file and run the adreload command.

STEP 5:
Use the tail command to confirm whether any AUDIT_TRAIL traces are still showing in the log.

Before following the required steps, AUDIT_TRAIL traces are easy to find with tail.



After following the required steps, we can see a tremendous improvement.

[Screenshot: /var/log/centrifydc.log]

[Screenshot: /var/log/messages]
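
STEPS 1 to 5 as a set of shell functions. This is an added example, not part of the original article or vendor code. It assumes centrifydc.conf stores one "name: value" parameter per line with "#" starting a comment; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: centrifydc.conf stores one
# "name: value" parameter per line and "#" starts a comment.
CONF=/etc/centrifydc/centrifydc.conf
AT_RE='^[[:space:]]*log\.client\.audittrail[[:space:]]*:'

# STEP 1: show the global logging level line (assumed to look like "log: INFO").
show_log_level() {
    grep -E '^[[:space:]]*log[[:space:]]*:' "${1:-$CONF}"
}

# STEP 2: succeed only if an uncommented log.client.audittrail line exists.
has_audittrail_param() {
    grep -Eq "$AT_RE" "${1:-$CONF}"
}

# STEP 3: set the parameter (default WARN) without creating duplicate lines.
set_audittrail_level() {
    _conf="${1:-$CONF}"; _level="${2:-WARN}"
    cp -p "$_conf" "$_conf.bak" || return 1      # keep a copy to roll back to
    if has_audittrail_param "$_conf"; then
        sed -E "s/$AT_RE.*/log.client.audittrail: $_level/" "$_conf.bak" > "$_conf"
    else
        # Make sure the file ends with a newline before appending.
        if [ -n "$(tail -c 1 "$_conf")" ]; then echo >> "$_conf"; fi
        printf 'log.client.audittrail: %s\n' "$_level" >> "$_conf"
    fi
}

# STEP 4: reload the agent configuration if the adreload command is installed.
reload_agent() {
    if command -v adreload >/dev/null 2>&1; then adreload; else return 1; fi
}

# STEP 5: count INFO AUDIT_TRAIL lines in the last N (default 200) log lines.
count_info_audit_trail() {
    tail -n "${2:-200}" "$1" | grep -c 'INFO.*AUDIT_TRAIL' || true
}

# Typical run as root:
#   show_log_level; has_audittrail_param || set_audittrail_level
#   reload_agent
#   count_info_audit_trail /var/log/centrifydc.log 50   # after new activity
```

Run the count only after new log lines have been written, since lines logged before the reload remain in the file.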

 
