audit message output to console

Denise Garrett dmgarret at us.ibm.com
Wed Jul 20 16:30:05 UTC 2005 

Howdy,

When auditd is not running, anything it should have captured will be 
printed to the console instead of to the log. So the fact that you are 
seeing this on the console is expected. 

Denise





Michael C Thompson/Austin/IBM at IBMUS 
Sent by: linux-audit-bounces at redhat.com
07/20/2005 11:25 AM

To
linux-audit at redhat.com
cc

Subject
audit message output to console






Hey all,

I am seeing the following output to terminal:

audit(1121876490.976:53271): user pid=8726 uid=0 auid=0 msg='userdel: 
op=deleting user from shadow group acct=laf_b res=failed'
audit(1121876490.976:53272): user pid=8726 uid=0 auid=0 msg='userdel: 
op=deleting mail file acct=laf_b res=failed'
audit(1121876490.976:53273): user pid=8726 uid=0 auid=0 msg='userdel: 
op=deleting home directory acct=laf_b res=success'
audit: *NO* daemon at audit_pid=9283
audit: *NO* daemon at audit_pid=9335
audit: *NO* daemon at audit_pid=9434
audit(1121876521.166:53363): auid=0 removed watch
audit: *NO* daemon at audit_pid=9552
audit(1121876528.766:53387): user pid=9596 uid=0 auid=0 msg='useradd: 
op=adding user to group acct=laf_b res=success'
audit(1121876528.766:53388): user pid=9596 uid=0 auid=0 msg='useradd: 
op=adding user to shadow group acct=laf_b res=success'
audit(1121876528.766:53389): user pid=9596 uid=0 auid=0 msg='useradd: 
op=adding home directory acct=laf_b res=success'
audit(1121876528.856:53390): user pid=9597 uid=0 auid=0 msg='useradd: 
op=adding user acct=laf_c res=success'
audit(1121876528.856:53391): user pid=9597 uid=0 auid=0 msg='useradd: 
op=adding user to group acct=laf_c res=success'
audit(1121876528.856:53392): user pid=9597 uid=0 auid=0 msg='useradd: 
op=adding user to shadow group acct=laf_c res=success'
audit(1121876528.856:53393): user pid=9597 uid=0 auid=0 msg='useradd: 
op=adding home directory acct=laf_c res=success'

And I just wanted to make sure this is the intended action when there is 
no audit daemon running. (If the audit daemon is running, these messages 
are captured & logged). The output to screen is essentially a copy of what 
appears in /var/log/messages.

Mike--
Linux-audit mailing list
Linux-audit at redhat.com
http://www.redhat.com/mailman/listinfo/linux-audit

More information about the Linux-audit mailing list