ausearch with message types does not return what I think it would return. (0 matches when adding a user)
Alarie, Maxime
Alarie.Maxime at hydro.qc.ca
Tue Jun 30 15:12:40 UTC 2015
Good day,
I am new to auditd, and have some issues.
For example, when I add or delete a user, I cannot see the entry with ausearch -m ADD_USER; it returns 0 matches, BUT it's logging it under USER_AUTH. If I do an ausearch -x adduser, I'll see the event in audit.log with the EXECVE type:
# ausearch -x useradd | grep titi
type=EXECVE msg=audit(1435677075.900:49410): argc=2 a0="useradd" a1="titi"
I also tried to find a full description of all message types returned by ausearch -m but could not find any. Any help on this would be appreciated as well.
Many thanks.