[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Another question - audit_lost



Hi Steve,
> Out of curiousity, what kernel & audit daemon version were you using?

Running 2.6.11-rc4, auditd 0.6.3

> What were your audit rules?

-f0 -b1024
-a entry,always -S execve
-a entry,always -S open

> Did you change anything in auditd.conf?

Yes, my log file is located in a ram disk, and the settings are
log_file = /etc/audit-open/mnt/audit.log
max_log_file = 30
log_format = RAW
flush = NONE
space_left = 1
space_left_action = IGNORE
disk_full_action = IGNORE

Greetings,
Erich Schubert
--
    erich@(mucl.de|debian.org)      --      GPG Key ID: 4B3A135C    (o_
  To understand recursion you first need to understand recursion.   //\
  Wo befreundete Wege zusammenlaufen, da sieht die ganze Welt für   V_/_
        eine Stunde wie eine Heimat aus. --- Herrmann Hesse


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]