audit console traffic

Steve Grubb sgrubb at redhat.com
Sun May 13 17:50:38 UTC 2007


On Thursday 10 May 2007 18:47:59 paul moore wrote:
> I know I should catch the death signal and disable auditing, but is there a
> way to stop the audit subsystem doing this anyway? I.e., if nobody is
> listening then just dump the traffic.

Not without patching the kernel.

> I assumed it was syslog doing this but I have nothing in syslog.conf that
> points at /dev/console. Maybe it's printk doing it.

You can make it go away with "dmesg -n". I forget what level you have to set 
it to to make it stop. But you also lose some kernel events that you might 
not want to lose, too.

-Steve



