One of my machines has started rebooting for no reason that I can find, possibly power surges as my UPS seems have now have a dead battery.
One difficulty in finding the issue is that the messages file if full of audit messages, which are a waste of space as those same messages also get logged to /var/log/audit as well.
How to turn them off was a question posted on fedoraforum.org that I posted the answer to as I found a similar match on stackexchange, but having rebuilt a few machines and having to search out the answer I posted again I have decided to place the inforamtion in my blog as well, simply so it is easier for me to find.
Adding as the first two lines under the #### RULES #### section in /etc/rsyslog.conf and doing a systemctl restart rsyslog will stop the messages being logged to the messages file, they are still logged to audit.log if you want to look at them.
# no audit
:programname, isequal, "audit" ~
That is not ideal as it logs a depreciated warning and is simply suppression that does not address the source of the problem which is the audit messages being somewhere configured to write to both syslog and the audit log. It does not address the issue as you say, of why the messages are being generated in the first place.
But getting rid of the bulk of the messages being logged to /var/log/messages may help me track down why my machine is rebooting itself… which is a pain as it has a luks encrypted disk(s) so while it tries to restart itself, it cannot.
