This post is a quick walkthrough of setting up the centrifydc.conf file to reduce AUDIT_TRAIL trace events in the logs.
By the end of this guide you will be familiar with the process and the steps to achieve this task. A few things before we move forward:
- Q: What is AUDIT_TRAIL?
- A: It is a log for every action on the server. We can track security-relevant events, record the events in a log file, and detect misuse or unauthorized activities by inspecting the audit log files.
For more details about AUDIT_TRAIL events, please check our product documentation guide: centrify-audit-events-guide.pdf
Before we implement or modify anything, we will see a lot of AUDIT_TRAIL traces being generated in both centrifydc.log and the messages log. See attached images below.
/var/log/messages
/var/log/centrifydc.log
To reduce the logging of INFO AUDIT_TRAIL, please follow the steps below.
STEP 1:
Check the logging level in the centrifydc.conf file. By default, it should be shown as INFO, or DEBUG (only when you have enabled addebug on).
STEP 2:
Run grep "log.client.audittrail" /etc/centrifydc/centrifydc.conf in your Linux terminal.

Note: log.client.audittrail is an unshipped parameter, so you should not see anything returned, just like the attached image above.
STEP 3:
Add the log.client.audittrail parameter with value WARN in the centrifydc.conf file.
STEP 4:
Save the file and run the adreload command.
STEP 5:
Use the tail command to confirm whether any AUDIT_TRAIL traces are still showing in the log.
Before following the required steps, AUDIT_TRAIL traces are easy to spot when tailing the logs.
After following the required steps, we will be able to see a tremendous improvement.
/var/log/centrifydc.log
/var/log/messages
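
Steps 2, 3 and 5 above as shell helpers that keep a backup of the file and count only traces written after the reload. This is an added example, not part of the original post or of Centrify's tooling: the function names are hypothetical, and the "name: value" line syntax for centrifydc.conf is an assumption.

```shell
#!/bin/sh
# Added example: function names are hypothetical; the "name: value" line
# syntax for centrifydc.conf is an assumption, not taken from the post.
PARAM="log.client.audittrail"
PARAM_RE='^[[:space:]]*log\.client\.audittrail[[:space:]]*[:=]'

# STEP 2: print the configured level; returns non-zero when the parameter
# is absent or only present as a comment.
get_audittrail_level() {
    sed -n "s/${PARAM_RE}[[:space:]]*\([A-Za-z]*\).*/\1/p" "$1" | tail -n 1 | grep .
}

# STEP 3: set the level idempotently, keeping the old file as <conf>.bak.
set_audittrail_level() {
    conf=$1 level=$2
    # Accept only upper-case level names so nothing else reaches sed.
    case $level in ''|*[!A-Z]*) return 2 ;; esac
    cp -p "$conf" "$conf.bak" || return 1
    if grep -Eq "$PARAM_RE" "$conf"; then
        # Rewrite the existing line instead of appending a duplicate.
        sed "s/${PARAM_RE}.*/$PARAM: $level/" "$conf.bak" > "$conf"
    else
        # Make sure the last line is newline-terminated before appending.
        if [ -n "$(tail -c 1 "$conf")" ]; then echo >> "$conf"; fi
        printf '%s: %s\n' "$PARAM" "$level" >> "$conf"
    fi
}

# STEP 5: count AUDIT_TRAIL traces written after line number $2 of log $1,
# so traces from before the reload are not counted.
count_new_audit_trail() {
    tail -n "+$(( $2 + 1 ))" "$1" | awk '/AUDIT_TRAIL/ { n++ } END { print n + 0 }'
}

# Usage on a host, as root (paths and adreload are from the post):
#   conf=/etc/centrifydc/centrifydc.conf; log=/var/log/centrifydc.log
#   get_audittrail_level "$conf" || echo "not set"
#   mark=$(wc -l < "$log")
#   set_audittrail_level "$conf" WARN && adreload
#   count_new_audit_trail "$log" "$mark"   # run later: traces since the reload
```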