Re: Result of auditctl -s
On Monday, April 10, 2017 4:20:37 PM EDT warron.french wrote:
Hi can someone tell me what I need to do, if anything, about failure:
1
after executing *auditctl -s* please?
auditctl also takes a '-i' argument to interpret its output.
I am trying to troubleshoot but cannot find anything that looks
obvious in
either my
*/var/log/audit/audit.log* or my */var/log/messages* files.
I am working on a Puppet Module to implement this stuff and I am not sure
if I am running into a conflict of restarting the auditd service after
either/both of the files /etc/audit/audit.rules or /etc/audit/auditd.conf
are updated.
Its a mode rather than a counter.
-Steve