Redhat es4 x86 monoproc Kernel 2.6.9-34.EL Audit 1.0.12-1.EL4 If I have audit turned on and some syscalls enabled and there is no listening process then the audit subsystem pours its heart out on the console
This situation occurs if I start my auditing app (that listens directly to the audit subsystem using audit_get_reply) dies. I know I should catch the death signal and disable auditing but is there a way to stop the audit subsytem doing this anyway. I.e if nobody is listening then just dump the traffic I assumed it was syslog doing this but I have nothing in syslog.conf that points at /dev/console. Maybe its printk doing it -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
