Hey there! I noticed that audit messages kept being logged to tty1 and were very annoying. However, I would still like to use auditd in my system for extra security. In that case, this is how.
It took a lot of tracking to find out why this happened, and it turned out it was due to the kernel's log level. This will also deal with those pesky internet adapter messages. By default, (at least on my system) the log level was something like "7 4 1 7".
Here's an explanation of log levels from a SuperUser question (https://superuser.com/questions/351387/how-to-stop-kernel-messages-from-flooding-my-console/793692#793692):
$this->bbcode_second_pass_quote('', '
')Reminder of the severity levels and the four values of kernel.printk given by Brian above:
CUR = current severity level; only messages more important than this level are printed
DEF = default severity level assigned to messages with no level
MIN = minimum allowable CUR
BTDEF = boot-time default CUR
On my CentOS: 7 4 1 7
$this->bbcode_second_pass_code('', '
CUR DEF MIN BTDEF
0 - emergency x x
1 - alert x x x
2 - critical x x
3 - error x x
4 - warning x x x
5 - notice x x
6 - informational V V
7 - debug
')
This is too noisy, I just want critical and up (no errors). Unlabeled messages should be regarded as warning, so DEF is good:
$this->bbcode_second_pass_code('', '
CUR DEF MIN BTDEF
0 - emergency x x
1 - alert x x x
2 - critical x x
3 - error V V
4 - warning x
5 - notice
6 - informational
7 - debug
')
Set to: 3 4 1 3