kauditd is writing too many lines in syslog
Richard Guy Briggs
rgb at redhat.com
Mon Jan 20 18:24:50 UTC 2014
On 14/01/20, Steve Grubb wrote:
> On Mon, 20 Jan 2014 12:36:27 -0500
> Richard Guy Briggs <rgb at redhat.com> wrote:
>
> > > Can I ask kauditd not print anything if user space program cannot
> > > handle that much message?
> >
> > Sure, on the kernel boot line you can set audit=0 to disable kaudit,
> > or you can tell the init system to not start auditd.
>
> what if someone never wants events to go to syslog?
Then we need to add a new feature to kaudit to stop them.
This also begs the question of what happens to AUDIT_USER_AVC
messages... This patchwork is messy.
> -Steve
- RGB
--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
More information about the Linux-audit
mailing list