I am using kernel: 2.6.11-1.1176_FC4.
Steve Grubb <sgrubb(a)redhat.com>
Sent by: linux-audit-bounces(a)redhat.com
03/10/2005 04:02 PM
Please respond to: Linux Audit Discussion
To: Linux Audit Discussion <linux-audit(a)redhat.com>
cc:
Subject: Re: audit-0.6.7 released
On Thursday 10 March 2005 15:55, Debora Velarde wrote:
But I'm not sure that enabled really is 1. Because if you start adding rules and executing syscalls, the audit records go to /var/log/messages instead of /var/log/audit.log.

This sounds like the kernel bug that I was chasing over the weekend. What kernel are you using? I'm using the latest from the yum repo (I think .11) and don't see this problem.

If enabled is 1 & the pid matches the audit daemon's, the audit daemon had better get the packets or there's a kernel problem. The kernel decides the packet disposition between auditd & syslog.
-Steve
--
Linux-audit mailing list
Linux-audit(a)redhat.com
http://www.redhat.com/mailman/listinfo/linux-audit
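
The check described in the thread (enabled is 1 and the kernel's pid matches the audit daemon's), as an added example that is not part of the original messages or of the audit project's code. The function names and both sample status strings are constructed for illustration, and it assumes that a pid of 0 in the status means no daemon is registered, so records fall through to syslog.

```shell
#!/bin/sh
# Added example: classify where audit records should be delivered, from
# `auditctl -s` status text plus the PID of the running auditd.

# audit_field STATUS NAME: print the value of NAME. Handles "name=value"
# tokens (older audit releases) and "name value" lines (newer releases).
audit_field() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | awk -v k="$2" '
        index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }
        prev == k             { print; exit }
                              { prev = $0 }'
}

# audit_disposition STATUS AUDITD_PID (hypothetical helper)
audit_disposition() {
    enabled=$(audit_field "$1" enabled)
    kpid=$(audit_field "$1" pid)
    if [ -z "$enabled" ] || [ -z "$kpid" ]; then
        echo unknown            # status text did not parse
    elif [ "$enabled" = 0 ]; then
        echo disabled
    elif [ "$kpid" = 0 ]; then
        echo syslog             # assumption: no daemon registered with the kernel
    elif [ "$kpid" = "$2" ]; then
        echo auditd             # enabled and pid matches the daemon
    else
        echo pid-mismatch       # kernel holds a pid that is not this auditd
    fi
}

# Constructed sample status strings (not captured from a real system).
OLD_FMT='AUDIT_STATUS: enabled=1 flag=1 pid=1897 rate_limit=0 backlog_limit=256 lost=0 backlog=0'
NEW_FMT='enabled 1
failure 1
pid 0
rate_limit 0'

audit_disposition "$OLD_FMT" 1897   # auditd
audit_disposition "$NEW_FMT" 1897   # syslog
# Live use (as root): audit_disposition "$(auditctl -s)" "$(pidof auditd)"
```

A result of `auditd` while records still land in /var/log/messages is the situation the thread attributes to a kernel problem rather than to configuration.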