
[HOWTO] reduce the logging of INFO AUDIT_TRAIL?

28 June,19 at 07:50 PM

This post is a quick walkthrough of setting up the centrifydc.conf file to reduce AUDIT_TRAIL trace events in the logs.
By the end of this guide you will be familiar with the process and the steps to achieve this.

A few things before we move forward:
  • Q: What is AUDIT_TRAIL?
  • A: It is a log for every action on the server. We can track security-relevant events, record the events in a log file, and detect misuse or unauthorized activities by inspecting the audit log files.
For more details about AUDIT_TRAIL events, please check our product documentation guide: centrify-audit-events-guide.pdf

Before anything is implemented or modified, a lot of AUDIT_TRAIL traces are generated in both centrifydc.log and the messages log.

To reduce the logging of INFO AUDIT_TRAIL, follow the steps below.

Check the logging level in the centrifydc.conf file. By default, it should be shown as INFO, or as DEBUG (only when you have enabled addebug on).

Run grep "log.client.audittrail" /etc/centrifydc/centrifydc.conf in your Linux terminal.

Note: log.client.audittrail is an unshipped parameter, so you should not see anything returned.

Add the log.client.audittrail parameter with value WARN in the centrifydc.conf file.

Save the file and run the adreload command.

Use the tail command to confirm whether any AUDIT_TRAIL traces are still showing in the log.

Before following the required steps, AUDIT_TRAIL traces are easy to spot when tailing the log.

After following the required steps, we will be able to see a tremendous improvement.
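The steps above as one idempotent shell script (an added example, not Centrify's own tooling). It assumes centrifydc.conf uses name: value lines with # comments and that the agent log is /var/log/centrifydc.log; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not Centrify tooling. Assumes "name: value" lines in
# centrifydc.conf, '#' comments, and the log path in LOG below.
CONF=/etc/centrifydc/centrifydc.conf
LOG=/var/log/centrifydc.log            # assumed path, adjust for your host
PARAM=log.client.audittrail

# Print the active (uncommented) value of a parameter, or nothing if unset.
get_param() {  # get_param <conf> <name>
    awk -F: -v k="$2" '
        /^[ \t]*#/ { next }
        { n = $1; gsub(/[ \t]/, "", n)
          if (n == k && NF > 1) {
              v = substr($0, index($0, ":") + 1)
              gsub(/^[ \t]+|[ \t]+$/, "", v); val = v } }
        END { if (val != "") print val }' "$1"
}

# Idempotently set a parameter: replace the active line or append one.
# Keeps a .bak copy and rewrites in place so ownership and mode survive.
set_param() {  # set_param <conf> <name> <value>
    [ "$(get_param "$1" "$2")" = "$3" ] && return 0
    cp -p "$1" "$1.bak" || return 1
    tmp=$(mktemp) || return 1
    awk -F: -v k="$2" -v v="$3" '
        !/^[ \t]*#/ { n = $1; gsub(/[ \t]/, "", n)
                      if (n == k && NF > 1) {
                          if (!done) print k ": " v
                          done = 1; next } }
        { print }
        END { if (!done) print k ": " v }' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# Count AUDIT_TRAIL lines from line <start> onward (default: whole file).
count_audit_trail() {  # count_audit_trail <logfile> [start]
    tail -n "+${2:-1}" "$1" | grep -c "AUDIT_TRAIL" || true
}

# On a real host (as root): sh reduce_audit_trail.sh --apply
if [ "${1:-}" = "--apply" ]; then
    mark=$(( $(wc -l < "$LOG") + 1 ))   # first line written after the change
    set_param "$CONF" "$PARAM" WARN && adreload
    echo "$PARAM: $(get_param "$CONF" "$PARAM")"
    sleep 60                            # let normal activity hit the log
    echo "new AUDIT_TRAIL lines: $(count_audit_trail "$LOG" "$mark")"
fi
```

AUDIT_TRAIL lines written before the change stay in the log, so the script counts only lines appended after adreload.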