Logging from within kernel
Paul Moore
paul at paul-moore.com
Mon Nov 26 17:54:16 UTC 2018
On Mon, Nov 26, 2018 at 12:06 PM William Roberts
<bill.c.roberts at gmail.com> wrote:
> On Mon, Nov 26, 2018 at 8:48 AM Paul Moore <paul at paul-moore.com> wrote:
> > On Fri, Nov 23, 2018 at 6:47 PM Ranran <ranshalit at gmail.com> wrote:
> > > Hello,
> > >
> > > Is it possible to log all messages from within kernel, (without any
> > > userspace application and daemon) ?
> >
> > If you are not running an audit daemon then the audit records will be
> > written to kernel's ring buffer (look for them in dmesg). This is not
> > really considered ideal (e.g. one drawback is that the output is rate
> > limited), but it can be attractive for small systems with a limited
> > number of audit events; last I checked this is the approach used by
> > Android.
>
> Not since the official merge into mainline. I wrote a libaudit port
> and Android's logd system uses it ...
Good to know, thanks!
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list