Every time I do
auditctl -l
I get
linux101:/etc # auditctl -l
No rules
File system watches not supported
Here is my audit.rules
linux101:/etc # cat audit.rules
# This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.
# The rules are simply the parameters that would be passed
# to auditctl.
# First rule - delete all
-D
# Feel free to add below this line. See auditctl man page
# Increase the buffers to survive stress events
-b 256
Here is my auditd.conf
lxt-sles101:/etc # cat auditd.conf
#
# This file controls the configuration of the audit daemon
#
log_file = /var/log/audit/audit.log
log_format = RAW
priority_boost = 3
flush = INCREMENTAL
freq = 20
num_logs = 4
#dispatcher = /usr/sbin/audispd
max_log_file = 5
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND
What am I doing wrong?