EXT :Need help, we are receiving type=SYSCALL with auid=unset event entries
Briane Lin
brlin at us.ibm.com
Wed Jun 4 19:28:32 UTC 2014
Thanks Kevin.
The systems are at RHEL server release 6.5 (Santiago)
audit.conf and audit.rules shown below from two systems.
Briane Lin
IBM Global Technology Services - Americas
Identity and Access Management, Automation Solutions
(Email): brlin at us.ibm.com
(Office): (720) 395-2049
"The only easy day was yesterday."
- US Navy Seals -
From: "Boyce, Kevin P (AS)" <Kevin.Boyce at ngc.com>
To: Briane Lin/Phoenix/IBM at IBMUS
Date: 06/04/2014 07:00 AM
Subject: RE: EXT :Need help, we are receiving type=SYSCALL with
auid=unset event entries
You might get some better help if you can be a bit more specific.
What version of auditd, kernel, etc. are you running?
What do the contents of your audit.rules and auditd.conf files look like?
From: linux-audit-bounces at redhat.com [
mailto:linux-audit-bounces at redhat.com] On Behalf Of Briane Lin
Sent: Tuesday, June 03, 2014 4:29 PM
To: linux-audit at redhat.com
Subject: EXT :Need help, we are receiving type=SYSCALL with auid=unset
event entries
We are receiving LINUX RHEL versions 5 and 6 in our environment with
type=SYSCALL and auid=unset event types.
We are unable to properly monitor an event with AUID=unset, does anyone
know why we are currently seeing these and what is the resolution?
Thanks!
Briane Lin
IBM Global Technology Services - Americas
Identity and Access Management, Automation Solutions
(Email): brlin at us.ibm.com
(Office): (720) 395-2049
"The only easy day was yesterday."
- US Navy Seals -
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20140604/26670c20/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 40899 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20140604/26670c20/attachment.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 46271 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20140604/26670c20/attachment-0001.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 44700 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20140604/26670c20/attachment-0002.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 37978 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20140604/26670c20/attachment-0003.jpe>
More information about the Linux-audit
mailing list