is this message necessary?

Wednesday, 9 November 2005

As some of us have been experimenting with adding/removing lots of
file system watches, I've noticed that we get one of these messages
in the audit log each time a file system watch is removed, including
during an 'auditctl -D'.

type=CONFIG_CHANGE msg=audit(1131576749.186:1182016): auid=4294967295 
removed watch

I'm wondering about the usefulness of this message since it doesn't
identify the watch that's being removed.  If we need this message,
shouldn't it identify the watch that's being removed?  If we don't need
this message, can we delete it?

-- ljk

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

is this message necessary?