On Friday 19 May 2006 14:06, Linda Knippers wrote:
> Wow, not very intuitive. The auditctl manpage talks about lists
> by name (entry, exclude, etc), not by number.

The man pages don't ever talk about the numbers that are behind any of this.

> With the 1.2.1 tools ausearch with the '-i' option doesn't translate the
> number into a name.

Right.

> Does it with the 1.2.2 tools?

No. I have not had time to work on user space tools. The intent is to make it
do that with the -i param.

> Speaking of ausearch, I just noticed that it emits this message:
>
> # /sbin/ausearch -m CONFIG_CHANGE -i
> Warning - freq is non-zero and incremental flushing not selected.

That comes from the config file parser. You've got a problem in
/etc/audit/auditd.conf that should be fixed.

-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
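
The condition named in the warning quoted in the message above can be checked against an auditd.conf before the tools complain. This is an added example, not part of the original thread and not the audit project's code; the parsing rules, function names and sample configs are assumptions constructed for illustration.

```python
# Added example: re-creates the freq/flush consistency condition from the warning
# "freq is non-zero and incremental flushing not selected".
# Parsing rules are assumptions, not auditd's own config parser.

# Flush modes treated as incremental (incremental_async exists in newer auditd).
INCREMENTAL = {"incremental", "incremental_async"}

def parse_auditd_conf(text):
    """Return {keyword: value} from 'keyword = value' lines, skipping comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def check_freq_flush(text):
    """Return a list of findings about the freq/flush combination."""
    conf = parse_auditd_conf(text)
    flush = conf.get("flush", "").lower()   # assumption: missing means not incremental
    freq_raw = conf.get("freq", "0")        # assumption: missing means 0
    try:
        freq = int(freq_raw)
    except ValueError:
        return [f"freq is not a number: {freq_raw!r}"]
    findings = []
    if freq < 0:
        findings.append(f"freq must be non-negative, got {freq}")
    elif freq != 0 and flush not in INCREMENTAL:
        findings.append(
            f"freq = {freq} has no effect with flush = {flush or '(unset)'}; "
            "set flush = incremental or freq = 0"
        )
    return findings

# Constructed sample configs (not taken from any real system).
SAMPLE_WARNS = "# constructed\nlog_file = /var/log/audit/audit.log\nflush = none\nfreq = 20\n"
SAMPLE_CLEAN = "# constructed\nlog_file = /var/log/audit/audit.log\nflush = INCREMENTAL\nfreq = 20\n"

if __name__ == "__main__":
    for name, sample in (("warns", SAMPLE_WARNS), ("clean", SAMPLE_CLEAN)):
        print(name, check_freq_flush(sample) or "ok")
```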
