I have a RHEL 4 install (update 5). aureport seems to be working, and so does /var/log/audit/audit.log; however, auditd does not take any of my watch rules.

[EMAIL PROTECTED] ~]# service auditd restart
Stopping auditd: [ OK ]
Starting auditd: [ OK ]
Error sending watch insert request (Invalid argument)
There was an error in line 26 of /etc/audit.rules

When I do auditctl -l:

[EMAIL PROTECTED] ~]# auditctl -l
No rules
File system watches not supported

Can anyone point me to a solution?

audit version 1.0.15
kernel 2.6.22.5

Here is my audit.rules:

## Remove any existing rules
-D

## Increase buffer size to handle the increased number of messages.
## Feel free to increase this if the machine panic's
-b 1024

## Set failure mode to panic
-f 2

-w /boot -p wa

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
