[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Audit not taking rules



I have RHEL 4 install (update 5).
aureport seems to be working, so as the /var/log/audit/audit.log
however auditd does not take any of my watch rules
[root master ~]# service auditd restart
Stopping auditd:                                           [  OK  ]
Starting auditd:                                           [  OK  ]
Error sending watch insert request (Invalid argument)
There was an error in line 26 of /etc/audit.rules

When do auditctl -l,
[root master ~]# auditctl -l
No rules
File system watches not supported

Can anyone point me to a solution?
audit version 1.0.15
kernel 2.6.22.5

here is my audit.rules
## Remove any existing rules
-D

## Increase buffer size to handle the increased number of messages.
## Feel free to increase this if the machine panic's
-b 1024

## Set failure mode to panic
-f 2

-w /boot -p wa



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]