How to tell auditd not to log Splunk entries?

October 20, 2016 in Uncategorized by Turlach

In audit.rules, add

-a exit,never -F path=/opt/splunkforwarder/bin/splunkd -k splunk_exclude

and auditd should no longer log every Splunk action as root.
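
Audit rules are evaluated in order and the first match wins, so the exclusion only takes effect if it is loaded before the rules that would log the event. The script below is an added example, not part of the original post; it checks where the splunkd exclusion sits in a rules file. The function name check_exclude_order and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the position of the Splunk exclusion in an audit rules file.
# The "never" rule must precede any watch or "always" rule to suppress events.

SPLUNKD=/opt/splunkforwarder/bin/splunkd   # path taken from the rule on this page

# check_exclude_order FILE
#   returns 0: exclusion rule comes before every watch / always,exit rule
#   returns 1: exclusion rule present, but a logging rule is loaded first
#   returns 2: no exclusion rule for splunkd in FILE
check_exclude_order() {
    awk -v target="path=$SPLUNKD" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            is_never = ($0 ~ /-a[ \t]+(exit,never|never,exit)/)
            has_target = 0
            for (i = 1; i <= NF; i++) if ($i == target) has_target = 1
            if (is_never && has_target) { found = 1; exit }
            # -w watches and "always" exit rules both generate events
            if ($1 == "-w" || $0 ~ /-a[ \t]+(exit,always|always,exit)/) earlier = 1
        }
        END {
            if (!found) exit 2
            exit (earlier ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: a watch on /etc/passwd is loaded before the exclusion.
demo_rules=$(mktemp)
printf '%s\n' '-D' '-b 8192' \
    '-w /etc/passwd -p wa -k identity' \
    "-a exit,never -F path=$SPLUNKD -k splunk_exclude" > "$demo_rules"
rc=0
check_exclude_order "$demo_rules" || rc=$?
echo "check_exclude_order status: $rc"
rm -f "$demo_rules"
```

Run it against the rules file that is actually loaded at boot; a status of 1 means the exclusion line should be moved above the other rules.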