Double addition of rule yields two log messages
Linda Knippers
linda.knippers at hp.com
Fri May 19 19:28:18 UTC 2006
Steve Grubb wrote:
> On Friday 19 May 2006 14:47, Linda Knippers wrote:
>
>>But why does ausearch care?
>
> Ausearch doesn't care about this particular setting. Its looking at the config
> to find the log files. The parser is what cares and it is what emitted this
> warning.
But why is it even a warning of the freq value is only valid if flush
is set to incremental?
> As such, you can use ausearch to make sure your config is sane
> before sending sighup to reconfigure the audit daemon.
Sounds like an odd use of ausearch.
>>Seems like if anything cared it would be the auditd but I can't find an
>>error or warning from it anywhere.
>
> Should be in the syslog.
I see it after doing a HUP and when doing an /etc/init.d/auditd restart
but not when auditd starts at boot time.
-- ljk
More information about the Linux-audit
mailing list