Date: 2016jan12 OS: Linux Q. Linux: How can I avoid the excessive messages in /var/log/messages from dovecot like this: audit: USER_ACCT pid=21508 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="<user>" exe="/usr/libexec/dovecot/auth" hostname=127.0.0.1 addr=127.0.0.1 terminal=dovecot res=success' A. It would be better if there was an option to turn it off. But for now, I have added a filter to /etc/rsyslog.conf:

if $programname == 'audit' and $msg contains 'addr=127.0.0.1' then stop

I don't want to stop all messages from audit since some may be useful. And most of my dovecot logins come from webmail on localhost. Of course, your situation may vary. This needs to be near the stop of /etc/rsyslog.conf ... before any mention of /var/log/messages