@SURBHI BAKHTIYAR If we do not want to log the line which has "User(null)" in it then we can make use of StringMatchFilter feature of log4j as following:

1). Edit the "/etc/ambari-serevr/conf/log4j.properties" and add the following 3 lines in it Just below to the "audit" log appender.

#### This filter is used to skip the line that contains "User(null)" from being logged ######
log4j.appender.audit.filter.01=org.apache.log4j.varia.StringMatchFilter
log4j.appender.audit.filter.01.StringToMatch=User(null)
log4j.appender.audit.filter.01.AcceptOnMatch=false

.
Now the log4j.properties audit log appender will look like following:

# Audit logging
log4j.logger.audit=INFO,audit
log4j.additivity.audit=false
log4j.appender.audit=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.audit.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.audit.rollingPolicy.ActiveFileName=${ambari.log.dir}/${ambari.audit.file}
log4j.appender.audit.rollingPolicy.FileNamePattern=${ambari.log.dir}/${ambari.audit.file}-%i.log.gz
log4j.appender.audit.rollingPolicy.maxIndex=13
log4j.appender.audit.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.audit.triggeringPolicy.maxFileSize=50000000
log4j.appender.audit.layout=org.apache.log4j.PatternLayout\
log4j.appender.audit.layout.ConversionPattern=%m%n

#### This filter is used to skip the line that contains "User(null)" from being logged ###### 
log4j.appender.audit.filter.01=org.apache.log4j.varia.StringMatchFilter
log4j.appender.audit.filter.01.StringToMatch=User(null)
log4j.appender.audit.filter.01.AcceptOnMatch=false

2. Now restart ambari-server

# ambari-server restart

Please check the current timestamp in the ambari-audit log now to see that those User(null) messages will not appear in the log now.

.