adding syscall rules
Amy Griffis
amy.griffis at hp.com
Thu Jun 9 04:03:40 UTC 2005
Timothy R. Chavez wrote: [Wed Jun 08 2005, 05:24:52PM EDT]
> > I've noticed some odd behavior when adding medium to large numbers of
> > syscall rules. I'm doing my testing on an ia64 system with the
> > audit.56 kernel and the audit-0.9.2 package.
<snip>
> I've seen similar problems with watches (when inserting and triggering
> them immediately after). I've yet to hear of or see a solution to this
> problem. But, I know Steve had commented earlier on the hard limit of
> 30 phenomena and a fix for it.
Okay, great. I guess I missed that mail.
> Is there any way you can join the IRC channel (irc.freenode.net/6667)
> #audit -- We're mostly all there in the late morning between 10 - 12 CST.
Sure, thanks for the invite.
Amy
More information about the Linux-audit
mailing list