auditd stop suggestion
Michael C Thompson
mcthomps at us.ibm.com
Tue Jun 14 21:29:01 UTC 2005
> Right you need to add a sleep. audit records do not show up
instantaneously.
> How long it takes could be subject to debate. I'd be more interested in
> figuring that out.
I'll look into that, maybe we can find an answer, architecture, hardware &
load dependent of course.
> > As it was explained to me, the way the stop works is when auditd is
told to
> > "stop", the daemon dies,
>
> Not really. It goes through a series of steps to stop processing andwrite
the
> shutdown record. It does not just die.
I think you took it a little too literally, but thats ok. I'll forgive you
this once ;)
> > OK, good point. I remember it being mention during a meeting, but was
there
> > any further discussion about a "auditd stop" & "auditd shutdown"
option?
>
> No.
Deemed unnessecary & therefore pointless to further the debate?
- Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050614/585fabcd/attachment.htm>
More information about the Linux-audit
mailing list