Hello,We've recently started using audit instead of syslog for reliability purposes (acknowledged logging). I'm trying to establish when the various audit_log_* system calls fail, particularly audit_log_user_message.
Basically what we're after is a way of being sure that a message that was sent for logging is "comitted", and react in some way if it is not. We're using audit_log_user_message but this function never fails (i.e. returns <=0, per manpage), even e.g. if the audit daemon is down. From reading the source code it seems the only way for it to fail is when the kernel is lacking support for auditing (or is too old or similar).
My conclusion, given the above assumption, is that these functions do not provide a way to ascertain that a message is actually logged from the system call, and that decisions about failed logging have to be made by the daemon. Is there any other way to check what happens with a log message once its sent using e.g. audit_log_user_message?
Thanks, /Kenan -- Kenan Avdic link22 AB Brigadgatan 1 587 58 Linköping, Sweden [email protected] tel: +46 707 75 77 61
smime.p7s
Description: S/MIME Cryptographic Signature
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
