kauditd is writing too many lines in syslog
Aaron Lewis
the.warl0ck.1989 at gmail.com
Mon Jan 20 05:11:24 UTC 2014
It's still printing logs even I set all printk parameters to zeros:
cat /proc/sys/kernel/printk
0 0 0 0
P.S I'm running kernel 2.6.32
On Mon, Jan 20, 2014 at 12:45 PM, Aaron Lewis
<the.warl0ck.1989 at gmail.com> wrote:
> Hi,
>
> I'm not sure if this is the default behavior,
>
> I'm using audit 2.3.2, and I've configured auditd not to log anything
> (NOLOG option), and I set the queue buffer to 10240 messages.
>
> When the buffer is full or auditd is suddenly killed or for some other
> reason, it seems to write a lot of things to dmesg or
> /var/log/messages
>
> So, did kauditd wrote all these? I already killed auditd process but I
> can still see logs piling up.
>
> Can I ask kauditd not print anything if user space program cannot
> handle that much message?
>
> --
> Best Regards,
> Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
> Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
--
Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
More information about the Linux-audit
mailing list