Hi, I'm doing a stress test on auditd, so I added a rule to monitor the "open" syscall, then I used a C program to generate a massive amount of logs. The program finished and exited.
But I generated too much: if I kill auditd and start it again, I can still see a lot of type=SYSCALL logs (but not CWD or PATH). Can I clear the existing buffer?

--
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
