kauditd is writing too many lines in syslog
Aaron Lewis
the.warl0ck.1989 at gmail.com
Mon Jan 20 04:45:11 UTC 2014
Hi,
I'm not sure if this is the default behavior,
I'm using audit 2.3.2, and I've configured auditd not to log anything
(NOLOG option), and I set the queue buffer to 10240 messages.
When the buffer is full or auditd is suddenly killed or for some other
reason, it seems to write a lot of things to dmesg or
/var/log/messages
So, did kauditd wrote all these? I already killed auditd process but I
can still see logs piling up.
Can I ask kauditd not print anything if user space program cannot
handle that much message?
--
Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
More information about the Linux-audit
mailing list