Another question - audit_lost

Erich Schubert erich.schubert at gmail.com
Tue Feb 22 19:16:40 UTC 2005


Hi Steve,
> Out of curiosity, what kernel & audit daemon version were you using?

Running 2.6.11-rc4, auditd 0.6.3

> What were your audit rules?

-f0 -b1024
-a entry,always -S execve
-a entry,always -S open

> Did you change anything in auditd.conf?

Yes, my log file is located in a ram disk, and the settings are
log_file = /etc/audit-open/mnt/audit.log
max_log_file = 30
log_format = RAW
flush = NONE
space_left = 1
space_left_action = IGNORE
disk_full_action = IGNORE

Greetings,
Erich Schubert
--
    erich@(mucl.de|debian.org)      --      GPG Key ID: 4B3A135C    (o_
  To understand recursion you first need to understand recursion.   //\
  Where friendly paths run together, the whole world looks like     V_/_
        home for an hour. --- Herrmann Hesse