On Wednesday 06 April 2005 11:41, David Woodhouse wrote:
I'm uploading the audit.19 kernel. It has Tim's latest patch
and my
patch to log signals sent to the audit dæmon.
I don't see any messages from the kernel saying a signal was being sent to the
audit daemon. Can you double check it? If you generate a new kernel, can you
include the backlog patch from yesterday?
audit.log:
type=DAEMON msg=auditd(1112904280) auditd start, ver=0.7, format=raw,
pid=2813, uid=0
type=KERNEL msg=audit(1112904280.748:0): audit_enabled=1 old=1 by auid 525
type=KERNEL msg=audit(1112904280.952:0): audit_backlog_limit=1024 old=1024 by
auid 525
type=DAEMON msg=auditd(1112904286) auditd normal halt, pid=2813, uid=0
messages:
Apr 7 16:04:40 localhost auditd[2813]: Init complete, audit pid set to: 2813
Apr 7 16:04:46 localhost auditd[2813]: The audit daemon is exiting.
Apr 7 16:04:46 localhost kernel: audit(1112904286.869:0): audit_pid=0
old=2813 by auid 525
uname:
[root@endeavor ~]# uname -a
Linux endeavor 2.6.9-5.0.3.EL.audit.19 #1 Wed Apr 6 09:10:02 EDT 2005 i686
athlon i386 GNU/Linux
-Steve