FW: auid unset
Kirkwood, David A.
DAVID.A.KIRKWOOD at saic.com
Thu Dec 6 20:19:51 UTC 2007
Additionally, this appears to only happen when using the command
aureport -I -w --failed
The other au<search|report> commands I use seem to work correctly.
David A. Kirkwood
>Hi,
>I need some help with configuration. First, I do not remember how to
>tell the version of the auditd I am running. I tried to get it by
>pulling strings with no success. The larger problem is I am configuring
>a RHEL4U5 system. I have a RHEL4U4 system that runs correctly and
>supplies the AUID when specified with aureport. The RHEL4U5 system has
>this parameter as "unset" rather than the AUID or uid or anything else
>to identify who was attempting to run failed commands.
>If someone can help me with what needs to be set, I would appreciate
it.
>I compared all of the obvious files, such as all pam files, the
>audit.rules, auditd.conf and syslog.conf and they all seem to be the
>same.
>Both systems run Linux 2.6.9-42.ELsmp.
>Thanks in advance.
>David A. Kirkwood
--
Linux-audit mailing list
Linux-audit at redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
More information about the Linux-audit
mailing list