Why aren't SYSCALLS being logged in CentOS kernel (any ideas?)

Robert Evans bob.evans at jhuapl.edu
Fri Aug 31 17:35:22 UTC 2007


Hmmm....tried auditctl -l and just got

   No rules

Not sure what that means.  Since I have /etc/audit.rules in place, does that 
indicate the syscall auditing part of the kernel is compiled in?

If it isn't, what do I need to do to compile it in?

Bob

Steve Grubb wrote:
> On Friday 31 August 2007 11:40:07 Robert Evans wrote:
> > I'm using CentOS, kernel 2.6.18-8.el5.  I've compiled audit-1.5.6-1
> > and I'm getting USER_AUTH events (logins, su, etc...) but I'm not
> > seeing any syscall events.
> >
> > Any ideas?
> 
> Offhand, the rules look Ok. If you can list them back out "auditctl -l" that
> means that the syscall auditing part of the kernel is compiled in and
> partially working. Other than that, I have no idea - I don't use their
> kernel.
> 
> -Steve
> 



