Hi,
I am using Red Hat 6 and trying to create logs for some system calls using
the rule given below:
    -a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod
After running the chmod command I was not able to get any log, but when I used
the strace command I saw that the syscall had been called.
I also checked that the auditd service is running properly.
Could you guide me as to why I am not able to get any log message?
I also checked by writing a rule for 32 bit, but the problem is still not resolved.
--
Bharat Gupta
IIT -Roorkee