diff --git a/deploy.yml b/deploy.yml
index c1adc4b..3d6966e 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -49,7 +49,6 @@
 - { role: security, tags: [ 'security' ] }
 - { role: proxy, tags: [ 'proxy', 'adblock' ] }
 - { role: dns_adblocking, tags: ['dns', 'adblock' ] }
- - { role: logging, tags: [ 'logging' ] }
 - { role: ssh_tunneling, tags: [ 'ssh_tunneling' ] }
 - { role: vpn, tags: [ 'vpn' ] }
diff --git a/docs/ADVANCED.md b/docs/ADVANCED.md
index e6af53e..8a7508f 100644
--- a/docs/ADVANCED.md
+++ b/docs/ADVANCED.md
@@ -48,7 +48,6 @@ Server roles:
 - role: vpn, tags: vpn
 - role: dns_adblocking, tags: dns, adblock
 - role: proxy, tags: proxy, adblock
-- role: logging, tags: logging
 - role: security, tags: security
 - role: ssh_tunneling, tags: ssh_tunneling
@@ -117,7 +116,6 @@ Possible options for `region`:
 - eu-central-1
 - eu-west-1
 - eu-west-2
-- sa-east-1
 Additional tags:
diff --git a/docs/ROLES.md b/docs/ROLES.md
index f43e6f8..5c90007 100644
--- a/docs/ROLES.md
+++ b/docs/ROLES.md
@@ -24,9 +24,6 @@
 * **DNS-based Adblocking**
 * Install the [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) local resolver with a blacklist for advertising domains
 * Constrains dnsmasq with AppArmor and cgroups CPU and memory limitations
-* **Security Monitoring and Logging**
- * Configures [auditd](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/chap-system_auditing.html) and rsyslog to log data useful for investigating security incidents
- * Sends logs to a configured email address on a regular basis
 * **SSH Tunneling**
 * Adds a restricted `algo` group with no shell access and limited SSH forwarding options
 * Creates one limited, local account per user and an SSH public key for each
diff --git a/roles/logging/handlers/main.yml b/roles/logging/handlers/main.yml
deleted file mode 100644
index 9dcd122..0000000
--- a/roles/logging/handlers/main.yml
+++ /dev/null
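Review bot: With `- { role: logging, tags: [ 'logging' ] }` removed from the role list, nothing on the new side of this hunk installs auditd or rsyslog any more and no other role visible in the list takes that over, so a host built from deploy.yml loses the watches the deleted audit.rules.j2 placed on /etc/sudoers, /etc/passwd, /etc/shadow, kernel-module loading and privileged-command use. If the objection is the email delivery (the deleted auditd.conf.j2 set `space_left_action = email` with `action_mail_acct = {{ auditd_action_mail_acct }}`), that argues for making the role opt-in rather than deleting it: keep the line and gate it, e.g. `- { role: logging, tags: [ 'logging' ], when: logging_enabled | default(false) }`, so a local audit trail can still be deployed when wanted. Nothing in the patch states why the role is dropped; the commit description should say so, and the ROLES.md change should note that audit logging is no longer configured rather than silently dropping the section. The `roles:` list this hunk edits begins outside the hunk and may continue past it.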
@@ -1,5 +0,0 @@
-- name: restart rsyslog
- service: name=rsyslog state=restarted
-
-- name: restart auditd
- service: name=auditd state=restarted
diff --git a/roles/logging/meta/main.yml b/roles/logging/meta/main.yml
deleted file mode 100644
index e985f92..0000000
--- a/roles/logging/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-
-dependencies:
- - { role: common, tags: common }
diff --git a/roles/logging/tasks/main.yml b/roles/logging/tasks/main.yml
deleted file mode 100644
index 467de88..0000000
--- a/roles/logging/tasks/main.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-# Auditd
-
-- name: Auditd installed
- apt: name=auditd state=latest
-
-- name: Auditd rules configured
- template: src=audit.rules.j2 dest=/etc/audit/audit.rules
- notify:
- - restart auditd
-
-- name: Auditd configured
- template: src=auditd.conf.j2 dest=/etc/audit/auditd.conf
- notify:
- - restart auditd
-
-- name: Enable services
- service: name=auditd enabled=yes
-
-# Rsyslog
-
-- name: Rsyslog installed
- apt: name=rsyslog state=latest
-
-- name: Rsyslog configured
- template: src=rsyslog.conf.j2 dest=/etc/rsyslog.conf
- notify:
- - restart rsyslog
-
-- name: Rsyslog CIS configured
- template: src=CIS.conf.j2 dest=/etc/rsyslog.d/CIS.conf owner=root group=root mode=0644
- notify:
- - restart rsyslog
-
-- name: Enable services
- service: name=rsyslog enabled=yes
diff --git a/roles/logging/templates/CIS.conf.j2 b/roles/logging/templates/CIS.conf.j2
deleted file mode 100644
index 96b3a59..0000000
--- a/roles/logging/templates/CIS.conf.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-*.emerg :omusrmsg:*
-mail.* -/var/log/mail
-mail.info -/var/log/mail.info
-mail.warning -/var/log/mail.warn
-mail.err /var/log/mail.err
-news.crit -/var/log/news/news.crit
-news.err -/var/log/news/news.err
-news.notice -/var/log/news/news.notice
-*.=warning;*.=err -/var/log/warn
-*.crit /var/log/warn
-*.*;mail.none;news.none -/var/log/messages
-local0,local1.* -/var/log/localmessages
-local2,local3.* -/var/log/localmessages
-local4,local5.* -/var/log/localmessages
-local6,local7.* -/var/log/localmessages
\ No newline at end of file
diff --git a/roles/logging/templates/audit.rules.j2 b/roles/logging/templates/audit.rules.j2
deleted file mode 100644
index 3464e2a..0000000
--- a/roles/logging/templates/audit.rules.j2
+++ /dev/null
@@ -1,101 +0,0 @@
-# This file contains the auditctl rules that are loaded
-# whenever the audit daemon is started via the initscripts.
-# The rules are simply the parameters that would be passed
-# to auditctl.
-#
-# First rule - delete all
--D
-
-# Increase the buffers to survive stress events.
-# Make this bigger for busy systems
--b 320
-
-# Feel free to add below this line. See auditctl man page
-
-# Record Events That Modify Date and Time Information
-{% if ansible_architecture == "x86_64" %}
--a always,exit -F arch=b64 -S clock_settime -k time-change
--a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
-{% endif %}
--a always,exit -F arch=b32 -S clock_settime -k time-change
--a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change
--w /etc/localtime -p wa -k time-change
-
-# Record Events That Modify User/Group Information
--w /etc/group -p wa -k identity
--w /etc/passwd -p wa -k identity
--w /etc/gshadow -p wa -k identity
--w /etc/shadow -p wa -k identity
--w /etc/security/opasswd -p wa -k identity
-
-# Record Events That Modify the System's Network Environment
-{% if ansible_architecture == "x86_64" %}
--a exit,always -F arch=b64 -S sethostname -S setdomainname -k system-locale
-{% endif %}
--a exit,always -F arch=b32 -S sethostname -S setdomainname -k system-locale
--w /etc/issue -p wa -k system-locale
--w /etc/issue.net -p wa -k system-locale
--w /etc/hosts -p wa -k system-locale
--w /etc/network/interfaces -p wa -k system-locale
-
-# Collect Login and Logout Events
--w /var/log/faillog -p wa -k logins
--w /var/log/lastlog -p wa -k logins
--w /var/log/tallylog -p wa -k logins
-
-# Collect Session Initiation Information
--w /var/run/utmp -p wa -k session
--w /var/log/wtmp -p wa -k session
--w /var/log/btmp -p wa -k session
-
-# Collect Discretionary Access Control Permission Modification Events
-{% if ansible_architecture == "x86_64" %}
--a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S chown -S fchown -S fchownat -S lchown -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod
-{% endif %}
--a always,exit -F arch=b32 -S chmod -S fchmod -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S chown -S fchown -S fchownat -S lchown -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod
-
-# Collect Unsuccessful Unauthorized Access Attempts to Files
-{% if ansible_architecture == "x86_64" %}
--a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -F exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access
--a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -F exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access
-{% endif %}
--a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access
--a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access
-
-# Collect Use of Privileged Commands
-{% if privileged_programs is defined and privileged_programs.stdout_lines|length > 0 %}
-{{ privileged_programs.stdout }}
-{% endif %}
-
-# Collect Successful File System Mounts
-{% if ansible_architecture == "x86_64" %}
--a always,exit -F arch=b64 -S mount -F auid>=500 -F auid!=4294967295 -k mounts
-{% endif %}
--a always,exit -F arch=b32 -S mount -F auid>=500 -F auid!=4294967295 -k mounts
-
-# Collect File Deletion Events by User
-{% if ansible_architecture == "x86_64" %}
--a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete
-{% endif %}
--a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete
-
-# Collect Changes to System Administration Scope
--w /etc/sudoers -p wa -k scope
-
-# Collect System Administrator Actions (sudolog)
--w /var/log/sudo.log -p wa -k actions
-
-# Collect Kernel Module Loading and Unloading
-{% if ansible_architecture == "x86_64" %}
--a always,exit -F arch=b64 -S init_module -S delete_module -k modules
-{% endif %}
--a always,exit -F arch=b32 -S init_module -S delete_module -k modules
--w /sbin/insmod -p x -k modules
--w /sbin/rmmod -p x -k modules
--w /sbin/modprobe -p x -k modules
-
--e 2
diff --git a/roles/logging/templates/auditd.conf.j2 b/roles/logging/templates/auditd.conf.j2
deleted file mode 100644
index 24aac73..0000000
--- a/roles/logging/templates/auditd.conf.j2
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# This file controls the configuration of the audit daemon
-#
-
-log_file = /var/log/audit/audit.log
-log_format = RAW
-log_group = root
-priority_boost = 4
-flush = INCREMENTAL
-freq = 20
-num_logs = 5
-disp_qos = lossy
-dispatcher = /sbin/audispd
-name_format = NONE
-##name = mydomain
-max_log_file = 10
-max_log_file_action = keep_logs
-space_left = 75
-space_left_action = email
-action_mail_acct = {{ auditd_action_mail_acct }}
-admin_space_left = 50
-admin_space_left_action = email
-disk_full_action = SUSPEND
-disk_error_action = SUSPEND
-##tcp_listen_port =
-tcp_listen_queue = 5
-tcp_max_per_addr = 1
-##tcp_client_ports = 1024-65535
-tcp_client_max_idle = 0
-enable_krb5 = no
-krb5_principal = auditd
-##krb5_key_file = /etc/audit/audit.key
\ No newline at end of file
diff --git a/roles/logging/templates/rsyslog.conf.j2 b/roles/logging/templates/rsyslog.conf.j2
deleted file mode 100644
index 2551380..0000000
--- a/roles/logging/templates/rsyslog.conf.j2
+++ /dev/null
@@ -1,61 +0,0 @@
-# /etc/rsyslog.conf Configuration file for rsyslog.
-#
-# For more information see
-# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
-#
-# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
-
-#
-#################
-#### MODULES ####
-#################
-
-module(load="imuxsock") # provides support for local system logging
-module(load="imklog") # provides kernel logging support
-#module(load="immark") # provides --MARK-- message capability
-
-# provides UDP syslog reception
-#module(load="imudp")
-#input(type="imudp" port="514")
-
-# provides TCP syslog reception
-#module(load="imtcp")
-#input(type="imtcp" port="514")
-
-# Enable non-kernel facility klog messages
-$KLogPermitNonKernelFacility on
-
-###########################
-#### GLOBAL DIRECTIVES ####
-###########################
-
-#
-# Use traditional timestamp format.
-# To enable high precision timestamps, comment out the following line.
-#
-$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
-
-# Filter duplicated messages
-$RepeatedMsgReduction on
-
-#
-# Set the default permissions for all log files.
-#
-$FileOwner syslog
-$FileGroup adm
-$FileCreateMode 0640
-$DirCreateMode 0755
-$Umask 0022
-$PrivDropToUser syslog
-$PrivDropToGroup syslog
-
-#
-# Where to place spool and state files
-#
-$WorkDirectory /var/spool/rsyslog
-
-#
-# Include all config files in /etc/rsyslog.d/
-#
-$IncludeConfig /etc/rsyslog.d/*.conf
-