Hi, I am trying to have audit logs but I can't, and frankly I wasn't able to find out what is wrong with my conf files:

audit_control:

dir:/var/audit
flags:lo,+ex
minfree:20
naflags:lo
policy:cnt,argv
filesz:0

audit_warn:

logger -p security.warning "audit warning: $@"
#
# Compress audit trail files on close.
#
if [ "$1" = closefile ]; then
        gzip -9 $2
fi

My audit_user file is empty and the other 2 files are untouched. But the only line I get is:

header,93,10,audit startup,0,Tue Jan 27 22:34:14 2009, + 916 msec
subject,root,root,wheel,root,wheel,1571,1571,0,0.0.0.0
text,auditd::Audit startup
return,success,0
trailer,93

praudit /dev/auditpipe also doesn't give me real-time logs.

One last point is that sometimes with the configuration above I get some command execution lines, but not all of them, so I couldn't figure out what is wrong with my config.

I would appreciate it if someone in this list can help me.

Regards.