Hello,
We've recently started using audit instead of syslog for reliability
purposes (acknowledged logging). I'm trying to establish when the
various audit_log_* system calls fail, particularly audit_log_user_message.
Basically what we're after is a way of being sure that a message that
was
Messages of type AUDIT_USER_TTY were being formatted to 1024 octets,
truncating messages approaching MAX_AUDIT_MESSAGE_LENGTH (8970 octets).
Set the formatting to 8560 characters, given maximum estimates for prefix and
suffix budgets.
See the problem discussion:
https://www.redhat.com/archives/li
On Tue, Sep 17, 2013 at 02:10:19PM -0400, Steve Grubb wrote:
> On Tuesday, September 17, 2013 10:48:02 AM Richard Guy Briggs wrote:
> > On Wed, Jan 28, 2009 at 11:44:27AM -0600, LC Bruzenak wrote:
> > > On Wed, 2009-01-28 at 12:15 -0500, Steve Grubb wrote:
> > > A secondary concern is - what is the
On Wed, Jan 28, 2009 at 11:44:27AM -0600, LC Bruzenak wrote:
> On Wed, 2009-01-28 at 12:15 -0500, Steve Grubb wrote:
> > Offhand, I don't remember why the kernel sets the limit so low. It could be
> > bumped some. How much, I don't know. 4K or 8K would seem fine.
I'm just reading this thread now,
On Tuesday, September 17, 2013 10:48:02 AM Richard Guy Briggs wrote:
> On Wed, Jan 28, 2009 at 11:44:27AM -0600, LC Bruzenak wrote:
> > On Wed, 2009-01-28 at 12:15 -0500, Steve Grubb wrote:
> > > Offhand, I don't remember why the kernel sets the limit so low. It could
> > > be
> > > bumped some. Ho