Clear kernel audit buffer?
Aaron Lewis
the.warl0ck.1989 at gmail.com
Thu Dec 26 00:54:37 UTC 2013
Hi,
I'm doing a stress test on auditd, so I added a rule to monitor the "open"
syscall, then I used a C program to generate a massive amount of logs.
The program finished and exited.
But I generated too much; if I kill auditd and start it again, I can
still see a lot of type=SYSCALL logs. (But not CWD or PATH.)
Can I clear the existing buffer?
--
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E