On Wednesday 16 March 2005 11:52, Timothy R. Chavez wrote:
> So then when you do,
> ./auditctl -w /etc/passwd -k fk_passwd_f
Thanks David for the new kernel...I can finally test. :)
Then you get one of these in /var/log/messages, too:
Mar 17 13:09:23 localhost kernel: Pushed data on cache stack
The audit.log also does not show that a rule was entered. Adding a watch
alters the config and a message should be sent indicating that a watch was
added. For example, adding a normal rule causes this to show up in the logs:
type=KERNEL msg=audit(1111083333.271:0): auid 525 added an audit rule
Also, when a rule is deleted, you get this kind of message:
Mar 17 13:10:49 localhost kernel: Popped data off cache stack
These messages about the cache stack might alarm people who aren't used to
seeing them.
-Steve