[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

type=PROCTITLE events not being populated in /var/log/audit/audit.log



Hello,

 

I wanted to check if anyone was aware of a setting on RedHat box for enabling the PROCTITLE event type for audit logs?  Is there any difference between RedHat and CentOS?  I have one box running RedHat 7.3 and another running CentOS 7.3, with auditd enabled on both with the same rules.  However, only the RedHat box is populating the event type PROCTITLE – the CentOS box does not.

 

I would like to get the PROCTITLE event type working on my CentOS box as well, if possible, but I cannot find any documentation online about anyone else having this issue and how to resolve.

 

Thanks for your time.

 

Joshua Ammons Advanced SIEM Engineer, Cybersecurity

Global Business Services

Office 479.204.4472 | Mobile 479.595.2291

Joshua Ammons walmart com

 

Walmart 

805 Moberly Ln

Bentonville, AR  72716

Save money. Live better.

 

 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]