questions about auditing on a new RH 6 box
Eric Paris
eparis at redhat.com
Fri Jan 14 16:42:25 UTC 2011
On Fri, 2011-01-14 at 16:21 +0000, Tangren, Bill wrote:
> I have a new VM running RH 6 server. I put some audit.rules in place, and
> now I notice that I am getting 11 MB of audit log entries every half hour.
> This server has no users or services running. I am trying to use
> audit-viewer to determine which of my rules is creating so much log traffic,
> but I don't understand the output enough to be able to tell. The version of
> audit is 2.0.4-1 (64 bit).
>
> Is this the correct forum to ask this question?
>
> If so, I can provide the audit rules and some of the logs.
This is probably the best forum there is. Let us know your troubles.
-Eric
More information about the Linux-audit
mailing list