auditd start failure
zhu xiuming
xiumingzhu at gmail.com
Fri Aug 16 18:48:37 UTC 2013
Thanks you so much for the quick response. I just want to send out this
email. Because I use auditd -f to find out it was still the permission
issue of audit.log.
What I wanted to do is let someone else able to read the audit.log other
than root. Should I change the log_group setting ? It seems audit.log
permission is 0600. Only root can read it.
On Fri, Aug 16, 2013 at 11:43 AM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Friday, August 16, 2013 11:38:32 AM zhu xiuming wrote:
> > HI
> > Suddently, my auditd can't start. I do not know why.
> > I remember I changed some permission settings on /var/log/audit. However,
> > even I change it back, the auditd cann't be started.
> >
> > I looked at the audit.log. It only shows the daemon is closed
> successfully
> >
> > I wonder whether there is other log file I should look.
>
> Its writes failure messages to /var/log/messages. I sometimes troubleshoot
> issues by starting the daemon by hand in the foreground mode so that
> everything is written to the screen. /sbin/auditd -f
>
> -Steve
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20130816/8776120a/attachment.htm>
More information about the Linux-audit
mailing list