The UNIX and Linux Forums  


Thread: auditd
Post #2 by syndex, 07-13-2007

Every time I do

auditctl -l

I get

linux101:/etc # auditctl -l
No rules
File system watches not supported

Here is my audit.rules

linux101:/etc # cat audit.rules
# This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.
# The rules are simply the parameters that would be passed
# to auditctl.

# First rule - delete all
-D

# Feel free to add below this line. See auditctl man page

# Increase the buffers to survive stress events
-b 256



Here is my auditd.conf

lxt-sles101:/etc # cat auditd.conf
#
# This file controls the configuration of the audit daemon
#

log_file = /var/log/audit/audit.log
log_format = RAW
priority_boost = 3
flush = INCREMENTAL
freq = 20
num_logs = 4
#dispatcher = /usr/sbin/audispd
max_log_file = 5
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND


What am I doing wrong?
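
Added example (not part of the original post, and not code from the audit project): a shell check that separates control options from actual rules in an audit.rules file. Run over the file posted above, it finds only -D (delete all rules) and -b (buffer size), neither of which loads a rule, so `auditctl -l` has nothing to list; the second sample, with one watch and one syscall rule, is constructed for contrast.

```shell
#!/bin/sh
# Classify the lines of an audit.rules file read from stdin.
# -a/-A/-w lines define rules; -D/-b/-e/-f/-r are control options
# that change audit subsystem settings without adding a rule.
classify_audit_rules() {
    rules=0
    controls=0
    # read strips leading whitespace and puts the option in $opt.
    while read -r opt rest || [ -n "$opt" ]; do
        case $opt in
            ''|'#'*) continue ;;                         # blank line or comment
            -a|-A|-w) rules=$((rules + 1)) ;;            # syscall rule or file watch
            -D|-b|-e|-f|-r) controls=$((controls + 1)) ;;
            *) ;;                                        # anything else is ignored here
        esac
    done
    echo "rules=$rules controls=$controls"
}

# The audit.rules from the post (header comments omitted).
posted_rules() {
    cat <<'EOF'
# First rule - delete all
-D

# Increase the buffers to survive stress events
-b 256
EOF
}

# Constructed sample: the same file plus one watch and one syscall rule.
# The path and syscall are illustrative and do not come from the post.
constructed_rules() {
    cat <<'EOF'
-D
-b 256
-w /etc/passwd -p wa
-a always,exit -S chmod
EOF
}

echo "posted:      $(posted_rules | classify_audit_rules)"
echo "constructed: $(constructed_rules | classify_audit_rules)"
```

To check a live system, feed the real file in on stdin, for example `classify_audit_rules < /etc/audit.rules`.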