MAC_IPSEC_EVENT Logged without rules
Diego Woitasen
diego at woitasen.com.ar
Fri Jan 6 03:26:10 UTC 2012
Hi,
I have a machine with IPSEC running (Strongswan) and audit to
register some user events. The weird thing is that I'm getting this
messages logged without having any rule:
Jan 6 00:21:43 nodovpn668 audispd: node=nodovpn668
type=MAC_IPSEC_EVENT msg=audit(1325820103.059:2953): op=SA-notfound
src=172.16.0.59 dst=172.16.0.181 spi=2351148309(0x8c23ad15)
seqno=1463943698
My workaround is: auditctl -a exclude,always -F msgtype=MAC_IPSEC_EVENT
Bug or Am I missing something?
Regards,
Diego
--
Diego Woitasen
More information about the Linux-audit
mailing list