why no LOGOUT event record on some OSes
Richard Guy Briggs
rgb at redhat.com
Wed Oct 20 16:38:58 UTC 2021
On 2021-10-20 22:55, Li Zhijian wrote:
> Hi guys
>
> I'm new to audit, then i observed that there is no LOGOUT event record
> in audit.log on my ubuntu 18.04 and debian 8 OSes, while the centos7.4
> and fedora33 have it.
>
> I google it but get no answer, so am I missing something about the
> audit rules or special audit configuration ?
>
> Below are part of records of audit in my several OSes.
>
> debian 8
This debian is 3 major releases behind which may explain.
> lizhijian at lkp-bingo:~$ sudo aureport -e -i --summary | grep -i USER
> [sudo] password for lizhijian:
> 6 USER_START
> 6 USER_END
> 4 USER_ACCT
> 4 USER_CMD
> 2 USER_AUTH
> 2 USER_LOGIN
>
> ubuntu 18.04
> lizj at FNSTPC:~$ sudo aureport -e -i --summary | grep USER
> 43241 USER_END
> 16946 USER_START
> 16718 USER_ACCT
> 658 USER_AUTH
> 543 USER_CMD
> 255 USER_LOGIN
> 9 USER_ROLE_CHANGE
> 5 USER_ERR
> 2 USER_CHAUTHTOK
> 1 ADD_USER
>
> fedora 33
> [root at iaas-rpma linux]# aureport -e -i --summary | grep USER
> 7356 CRYPTO_KEY_USER
> 2103 USER_START
> 1649 USER_END
> 1268 USER_ACCT
> 1108 USER_ROLE_CHANGE
> 1029 USER_AUTH
> 895 USER_LOGIN
> 789 USER_LOGOUT
> 60 USER_CMD
> 14 USER_ERR
> 3 USER_MGMT
> 3 USER_CHAUTHTOK
> 1 ADD_USER
>
> Thanks
- RGB
--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
More information about the Linux-audit
mailing list