/usr/share/logwatch/default.conf/services/audit.conf is in logwatch 7.4.1-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | ###########################################################################
# $Id: audit.conf 149 2013-06-18 22:18:12Z mtremaine $
###########################################################################
# You can put comments anywhere you want to. They are effective for the
# rest of the line.
# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.
# Yes = True = On = 1
# No = False = Off = 0
Title = "Kernel Audit"
# Which logfile group...
LogFile = messages
# Only give lines related to the audit service
# Note that audit lines may have something like audit(1114839915.618:0)
# as the service name
# (Some implementations might not precede it with "kernel:")
*OnlyService = (kernel:( \[[ 0-9\.]+\])?)?\s*(type=[0-9]+\s*)?audit.*
*RemoveHeaders
########################################################
# This was written and is maintained by:
# Ron Kuris <swcafe@gmail.com>
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
########################################################
|