audit message output to console
Denise Garrett
dmgarret at us.ibm.com
Wed Jul 20 16:30:05 UTC 2005
Howdy,
When auditd is not running, anything it should have captured will be
printed to the console instead of to the log. So the fact that you are
seeing this on the console is expected.
Denise
Michael C Thompson/Austin/IBM at IBMUS
Sent by: linux-audit-bounces at redhat.com
07/20/2005 11:25 AM
To
linux-audit at redhat.com
cc
Subject
audit message output to console
Hey all,
I am seeing the following output to terminal:
audit(1121876490.976:53271): user pid=8726 uid=0 auid=0 msg='userdel:
op=deleting user from shadow group acct=laf_b res=failed'
audit(1121876490.976:53272): user pid=8726 uid=0 auid=0 msg='userdel:
op=deleting mail file acct=laf_b res=failed'
audit(1121876490.976:53273): user pid=8726 uid=0 auid=0 msg='userdel:
op=deleting home directory acct=laf_b res=success'
audit: *NO* daemon at audit_pid=9283
audit: *NO* daemon at audit_pid=9335
audit: *NO* daemon at audit_pid=9434
audit(1121876521.166:53363): auid=0 removed watch
audit: *NO* daemon at audit_pid=9552
audit(1121876528.766:53387): user pid=9596 uid=0 auid=0 msg='useradd:
op=adding user to group acct=laf_b res=success'
audit(1121876528.766:53388): user pid=9596 uid=0 auid=0 msg='useradd:
op=adding user to shadow group acct=laf_b res=success'
audit(1121876528.766:53389): user pid=9596 uid=0 auid=0 msg='useradd:
op=adding home directory acct=laf_b res=success'
audit(1121876528.856:53390): user pid=9597 uid=0 auid=0 msg='useradd:
op=adding user acct=laf_c res=success'
audit(1121876528.856:53391): user pid=9597 uid=0 auid=0 msg='useradd:
op=adding user to group acct=laf_c res=success'
audit(1121876528.856:53392): user pid=9597 uid=0 auid=0 msg='useradd:
op=adding user to shadow group acct=laf_c res=success'
audit(1121876528.856:53393): user pid=9597 uid=0 auid=0 msg='useradd:
op=adding home directory acct=laf_c res=success'
And I just wanted to make sure this is the intended action when there is
no audit daemon running. (If the audit daemon is running, these messages
are captured & logged). The output to screen is essentially a copy of what
appears in /var/log/messages.
Mike--
Linux-audit mailing list
Linux-audit at redhat.com
http://www.redhat.com/mailman/listinfo/linux-audit
More information about the Linux-audit
mailing list