<div>Hi,</div><div><br></div><div>I am using redhat 6, and trying to create logs for some system call using the rule given below:</div><div><br></div><div><b>-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod</b></div>
<div><br></div><div>After running command chmod i was not able to get any log, but when i used strace command i have seen that syscall have been called.</div><div>I also checked that auditd service is running properly.</div>
<div>May you guide me why i am not able to get any log message.</div><div>i also checked by writting rule for 32 bit, but problem still not resolved.</div><div><br></div>-- <br><div>Bharat Gupta </div><span style="color:rgb(0,0,0)">IIT -Roorkee</span><br style="color:rgb(0,0,0)">
<br><br>