Hello all,

                I have audit logging working exactly as I want it now (thanks to you all), but when running ausearch on various systems (not all, which tells me something isn’t consistent) I get a warning:

 

Warning – freq is non-zero and incremental flushing not selected.

 

I saw on the internet a post that (involved you Steve Grubb) in reply to someone else from Date: Fri, 19 May 2006 15:01:37 -0400

 

Here is the part of the thread where you replied Steve:


On Friday 19 May 2006 14:47, Linda Knippers wrote:

> But why does ausearch care?

 

Ausearch doesn't care about this particular setting. Its looking at the config

to find the log files. The parser is what cares and it is what emitted this

warning. As such, you can use ausearch to make sure your config is sane

before sending sighup to reconfigure the audit daemon.

 

> Seems like if anything cared it would be the auditd but I can't find an

> error or warning from it anywhere.

 

Should be in the syslog.

 

-Steve

 

 

The question I have is, even this says “Warning” does it mean there is something I really need to be intensely looking into to prevent issues to come?

 

I do not fully understand the impact of what the flush parameter.  I am also trying to comply with a STIG as well; I think that’s what has caused this message to be presented.

 

 

 

 

Thank you,

 

Warron French, MBA, SCSA