[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ausearch / policy question



On Wednesday 23 July 2008 18:30:45 LC Bruzenak wrote:
> So my questions are:
> 1: duplicate records above - expected or correct since there were two
> matches - the AVC and also the command?

you'd have to look at the logs to figure that out. ausearch doesn't buffer 
events past one miscompare.

> 2: why is ausearch producing the AVCs?

Maybe you need to be secadmin or auditadmin?

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]