Hi Steve,

> Out of curiosity, what kernel & audit daemon version were you using?

Running 2.6.11-rc4, auditd 0.6.3

> What were your audit rules?

-f0 -b1024
-a entry,always -S execve
-a entry,always -S open

> Did you change anything in auditd.conf?

Yes, my log file is located in a ram disk, and the settings are

log_file = /etc/audit-open/mnt/audit.log
max_log_file = 30
log_format = RAW
flush = NONE
space_left = 1
space_left_action = IGNORE
disk_full_action = IGNORE

Greetings,
Erich Schubert
--
erich(a)(mucl.de|debian.org) -- GPG Key ID: 4B3A135C (o_
To understand recursion you first need to understand recursion. //\
Where friendly paths converge, the whole world looks like V_/_
home for an hour. --- Hermann Hesse