On Friday 31 August 2007 11:40:07 Robert Evans wrote: > I'm using CentOS, kernel 2.6.18-8.el5. I've compiled audit-1.5.6-1 and I'm > getting USER_AUTH events (logins, su, etc...) but I'm not seeing any > syscall events. > > Any ideas?
Offhand, the rules look Ok. If you can list them back out "auditctl -l" that means that the syscall auditing part of the kernel is compiled in and partially working. Other than that, I have no idea - I don't use their kernel. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
