Thanks you so much for the quick response. I just want to send out this email. Because I use auditd -f to find out it was still the permission issue of audit.log.
What I wanted to do is let someone else able to read the audit.log other than root. Should I change the log_group setting ? It seems audit.log permission is 0600. Only root can read it. On Fri, Aug 16, 2013 at 11:43 AM, Steve Grubb <[email protected]> wrote: > On Friday, August 16, 2013 11:38:32 AM zhu xiuming wrote: > > HI > > Suddently, my auditd can't start. I do not know why. > > I remember I changed some permission settings on /var/log/audit. However, > > even I change it back, the auditd cann't be started. > > > > I looked at the audit.log. It only shows the daemon is closed > successfully > > > > I wonder whether there is other log file I should look. > > Its writes failure messages to /var/log/messages. I sometimes troubleshoot > issues by starting the daemon by hand in the foreground mode so that > everything is written to the screen. /sbin/auditd -f > > -Steve > >
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
