What constitutes -f failure?
leam hall
leamhall at gmail.com
Tue Oct 29 20:21:50 UTC 2013
Steve, thanks!
Leam
On Tue, Oct 29, 2013 at 4:17 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Tuesday, October 29, 2013 03:51:53 PM leam hall wrote:
> > The -f flag is set to 0, 1, or 2 and specifies what to do on failure. Is
> > that "failure" any logging event? Or just logging events when the backlog
> > is higher than whatever the -b option sets it to?
> >
> > Thanks!
> >
> > Leam
>
> From the auditctl man page:
>
> This option lets you
> determine how you want the kernel to handle critical
> errors.
> Example conditions where this flag is consulted includes:
> trans‐
> mission errors to userspace audit daemon, backlog
> limit
> exceeded, out of kernel memory, and rate limit exceeded.
> The
> default value is 1.
>
> This is only for the kernel. User space error handling is dictated by the
> *_action settings in auditd.conf.
>
> -Steve
>
--
Mind on a Mission <http://leamhall.blogspot.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20131029/d71a7ea0/attachment.htm>
More information about the Linux-audit
mailing list