Auditd does a lot of logging on FR hosts where it is running. We send the log stream through rsyslog and offhost, so local file logging is unnecessary. I looked at configuration options to disable file logging and they are known to be broken in the version we have available as a stock package. https://bugzilla.redhat.com/show_bug.cgi?id=1382397 I also tried logging to /dev/null as a workaround but that's not possible b/c it will only log to a regular file. So it looks like we have to backport, patch, or wait until the upstream fix makes it into the Debian package.
Description
Description