Audit-1.0.14

Boyce, Kevin P. (Melbourne, FL) Kevin.Boyce at ngc.com
Wed Oct 11 11:49:00 UTC 2006


I am trying to use a vanilla kernel from kernel.org version 2.6.12 and
2.6.16 with the audit daemon version 1.0.14.  I am using Ubuntu, so I
have used alien to convert the Red Hat binary packages for an x86_64
architecture into *.deb files.  I can install the deb files and the
audit daemon runs, but it has trouble parsing the audit.rules file.  The
error I am getting is "Error sending insert watch request (Invalid
Argument)."

Please help.  I have a requirement to use these two kernel versions, and
unfortunately can't use Red Hat, Fedora, or their kernel binaries.  I
have recompiled my kernel with auditing turned on.  I can look in the
audit.log file and see events being written there when I start and stop
the daemon, so I know the daemon works.  I just need to know how to
parse the log file correctly.  Also when you bypass the log file and
just use auditctl -w <file to watch>, the same error is returned.

Thanks in advance.

Kevin Boyce
kevin.boyce at ngc.com
