questions about auditing on a new RH 6 box
Tangren, Bill
bill.tangren at usno.navy.mil
Fri Jan 14 16:21:12 UTC 2011
I have a new VM running RH 6 server. I put some audit.rules in place, and
now I notice that I am getting 11 MB of audit log entries every half hour.
This server has no users or services running. I am trying to use
audit-viewer to determine which of my rules is creating so much log traffic,
but I don't understand the output enough to be able to tell. The version of
audit is 2.0.4-1 (64 bit).
Is this the correct forum to ask this question?
If so, I can provide the audit rules and some of the logs.
---
Bill Tangren
IAM
U.S. Naval Observatory, Washington
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5784 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110114/50435666/attachment.bin>
More information about the Linux-audit
mailing list