questions about auditing on a new RH 6 box

Tangren, Bill bill.tangren at usno.navy.mil
Fri Jan 14 16:21:12 UTC 2011


I have a new VM running RH 6 server. I put some audit.rules in place, and
now I notice that I am getting 11 MB of audit log entries every half hour.
This server has no users or services running. I am trying to use
audit-viewer to determine which of my rules is creating so much log traffic,
but I don't understand the output enough to be able to tell. The version of
audit is 2.0.4-1 (64 bit). 

Is this the correct forum to ask this question? 

If so, I can provide the audit rules and some of the logs.

---
Bill Tangren
IAM
U.S. Naval Observatory, Washington

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5784 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110114/50435666/attachment.bin>


More information about the Linux-audit mailing list