space_left_action

Good news: When I set the space_left_action to syslog and crossed the boundary, I got a syslog message on the next audit event. Subsequent events did not generate any further syslog messages. Then I freed up disk space, sent in a few events for good measure (thinking it would reset the flag) and once again filled the disk past the threshold. Bad news: I didn't get the message again. Should this behavior have happened as I expected and another log message get into the messages log? Or as coded would the auditd need restart? Thx, LCB. -- LC (Lenny) Bruzenak lenny(a)magitekltd.com