Fwd: Re: Fw: Audit records for start/stop auditd
Kris Wilson
krisw at us.ibm.com
Wed Apr 6 14:50:15 UTC 2005
linux-audit-bounces at redhat.com wrote on 04/06/2005 08:54:10 AM:
> I wonder if we should have another audit message type AUDIT_TERM. Then in
the
> above function, do an if statement on SIGTERM or SIGKILL and send the
> AUDIT_TERM message type. The message needs to be easily interpreted as
the
> audit system is being terminated.
The current records are type DAEMON, and the messages state, "auditd start"
and "auditd normal halt", so as far as administrator information, it is
already clear what has happened.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050406/e2c2b520/attachment.htm>
More information about the Linux-audit
mailing list