Re: ausearch message type omissions
On Thursday, July 13, 2017 4:54:39 PM EDT Richard Guy Briggs wrote:
In the process of creating/updating the audit message/record type
dictionary, I stumbled on the following two message types missing from
ausearch -m text:
This one is in the userspace header file. What is its meaning and is it
a printable record?
AUDIT_DAEMON_RECONFIG,1204,Auditd should reconfigure
This is an internal only message that never gets written to disk. This gets
changed into DAEMON_CONFIG and that is what is on-disk.
This was added to test if a daemon was still listening and should be
logged that an attempt was made to replace it.
AUDIT_REPLACE,1329,Replace auditd if this probe unanswerd
These are discarded.
-Steve