Howdy,
When auditd is not running, anything it should have captured will be
printed to the console instead of to the log. So the fact that you are
seeing this on the console is expected.
Denise
Michael C Thompson/Austin/IBM@IBMUS
Sent by: linux-audit-bounces(a)redhat.com
07/20/2005 11:25 AM
To: linux-audit(a)redhat.com
cc:
Subject: audit message output to console
Hey all,
I am seeing the following output to terminal:
audit(1121876490.976:53271): user pid=8726 uid=0 auid=0 msg='userdel:
op=deleting user from shadow group acct=laf_b res=failed'
audit(1121876490.976:53272): user pid=8726 uid=0 auid=0 msg='userdel:
op=deleting mail file acct=laf_b res=failed'
audit(1121876490.976:53273): user pid=8726 uid=0 auid=0 msg='userdel:
op=deleting home directory acct=laf_b res=success'
audit: *NO* daemon at audit_pid=9283
audit: *NO* daemon at audit_pid=9335
audit: *NO* daemon at audit_pid=9434
audit(1121876521.166:53363): auid=0 removed watch
audit: *NO* daemon at audit_pid=9552
audit(1121876528.766:53387): user pid=9596 uid=0 auid=0 msg='useradd:
op=adding user to group acct=laf_b res=success'
audit(1121876528.766:53388): user pid=9596 uid=0 auid=0 msg='useradd:
op=adding user to shadow group acct=laf_b res=success'
audit(1121876528.766:53389): user pid=9596 uid=0 auid=0 msg='useradd:
op=adding home directory acct=laf_b res=success'
audit(1121876528.856:53390): user pid=9597 uid=0 auid=0 msg='useradd:
op=adding user acct=laf_c res=success'
audit(1121876528.856:53391): user pid=9597 uid=0 auid=0 msg='useradd:
op=adding user to group acct=laf_c res=success'
audit(1121876528.856:53392): user pid=9597 uid=0 auid=0 msg='useradd:
op=adding user to shadow group acct=laf_c res=success'
audit(1121876528.856:53393): user pid=9597 uid=0 auid=0 msg='useradd:
op=adding home directory acct=laf_c res=success'
And I just wanted to make sure this is the intended action when there is
no audit daemon running. (If the audit daemon is running, these messages
are captured & logged). The output to screen is essentially a copy of what
appears in /var/log/messages.
Mike
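Added example, not part of the original thread: a small parser that pulls audit records and "*NO* daemon" notices out of console or /var/log/messages text, so events emitted while auditd was down can be reviewed. The function name scan and the syslog prefix and host name on the last sample line are assumptions; the other sample lines come from the output quoted above with the mail wrapping rejoined.

```python
import re
from datetime import datetime, timezone

# Kernel audit record as printed to console/syslog: audit(<epoch>.<ms>:<serial>): <body>
RECORD = re.compile(r"audit\((\d+)\.(\d+):(\d+)\):\s*(.*)")
# Kernel notice that the registered audit daemon is no longer there.
NO_DAEMON = re.compile(r"audit: \*NO\* daemon at audit_pid=(\d+)")
# Payload of user-space records: msg='<tool>: op=<text> acct=<name> res=<result>'
USER_MSG = re.compile(r"msg='(\w+): op=(.*?) acct=(\S+) res=(\w+)'")
IDS = re.compile(r"\b(pid|uid|auid)=(\d+)")

def scan(lines):
    """Return (records, lost_daemon_pids) parsed from console or syslog text."""
    records, lost = [], []
    for line in lines:
        m = NO_DAEMON.search(line)
        if m:
            lost.append(int(m.group(1)))
            continue
        m = RECORD.search(line)
        if not m:
            continue  # not an audit line
        sec, _ms, serial, body = m.groups()
        rec = {"time": datetime.fromtimestamp(int(sec), timezone.utc),
               "serial": int(serial), "body": body}
        # Read ids only from the part before msg= so payload text is not mistaken for them.
        rec.update((k, int(v)) for k, v in IDS.findall(body.split("msg=")[0]))
        um = USER_MSG.search(body)
        if um:
            rec.update(zip(("tool", "op", "acct", "res"), um.groups()))
        records.append(rec)
    return records, lost

# Sample: lines from the post with the mail wrapping rejoined; the syslog
# prefix and host name on the last line are constructed.
SAMPLE = [
    "audit(1121876490.976:53272): user pid=8726 uid=0 auid=0 msg='userdel: op=deleting mail file acct=laf_b res=failed'",
    "audit: *NO* daemon at audit_pid=9283",
    "audit(1121876521.166:53363): auid=0 removed watch",
    "Jul 20 11:22:08 host kernel: audit(1121876528.856:53390): user pid=9597 uid=0 auid=0 msg='useradd: op=adding user acct=laf_c res=success'",
]

if __name__ == "__main__":
    records, lost = scan(SAMPLE)
    print("daemon missing at pids:", lost)
    for r in records:
        print(r["time"].isoformat(), r["serial"], r.get("tool", "kernel"),
              r.get("op", r["body"]), r.get("acct", "-"), r.get("res", "-"))
```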