is this message necessary?
Linda Knippers
linda.knippers at hp.com
Wed Nov 9 23:02:32 UTC 2005
As some of us have been experimenting with adding/removing lots of
file system watches, I've noticed that we get one of these messages
in the audit log each time a file system watch is removed, including
during an 'auditctl -D'.
type=CONFIG_CHANGE msg=audit(1131576749.186:1182016): auid=4294967295
removed watch
I'm wondering about the usefulness of this message since it doesn't
identify the watch that's being removed. If we need this message,
shouldn't it identify the watch that's being removed? If we don't need
this message, can we delete it?
-- ljk
More information about the Linux-audit
mailing list