[redhat-lspp] DAEMON_END audit record question

Tom Lendacky toml at us.ibm.com
Thu Apr 5 19:21:35 UTC 2007



When stopping and starting the audit daemon I noticed that the
DAEMON_END audit record contains a subject field.  However,
ausearch does not find the record when you perform a search for the
subject.  Shouldn't ausearch be able to find the record if it
contains a subject?  The DAEMON_START audit record doesn't
contain a subject and this seems a little bit inconsistent. Should
it contain a subject value or does it and the DAEMON_END record
really not require a subject (and thus ausearch not supporting
searching that record by subject)?

Thanks,
Tom Lendacky (toml at us.ibm.com)