Audit logging initial volume

I turned on audit log to files on a single node cluster. It started generating about 8700 audit events per minute with no one using the cluster. What should be turned off to get this down to a manageable volume?


I'd start by reading through our documentation and this nice blogpost that explains ignore policies

Yes, the doc is pretty good at showing how to exclude things, but not so much on explaining best practices for excluding. It seems to give some hints in the examples, but not why.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.