log messages
When I restart my auditd daemon, I get a number of messages in
/var/log/messages that look like this:
Nov 2 10:27:25 charon kernel: audit(1194013645.793:6808): auid=500
removed an audit rule
What does this mean? Does it mean that some of my rules in
/etc/audit.rules are improper, and the server is removing them?
TIA,
Bill Tangren