Re: [Patch]Fix the error in the output of "auditctl -s" when auditd is stoped
On Thursday 07 August 2008 00:50:45 Chu Li wrote:
When auditd is stoped, "auditctl -s" will show
"pid=0". I think it's not
correct information. It's better to tell users "auditd not started".
At the moment, I don't want to change this behavior. In about a month, I think
we can make updates that change the external behavior. If you want, we can
document this better in man pages that audit pid of 0 means its not running.
Thanks,
-Steve