Redhat es4 x86 monoproc
Kernel 2.6.9-34.EL
Audit 1.0.12-1.EL4
If I have audit turned on and some syscalls enabled and there is no
listening process then the audit subsystem pours its heart out on the
console.
This situation occurs if I start my auditing app (that listens directly to
the audit subsystem using audit_get_reply) and it dies.
I know I should catch the death signal and disable auditing, but is there a
way to stop the audit subsystem doing this anyway? I.e., if nobody is listening
then just dump the traffic.
I assumed it was syslog doing this but I have nothing in syslog.conf that
points at /dev/console. Maybe it's printk doing it.