Kernel Audit Messages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Well, Ted, it's not really that bad. A little RTFM (or release notes in 
this case) and it was fixed. All I had to do was start the auditd 
user-space tools and the messages are logged to 
/var/log/audit/audit.log. All I wanted was to get them out of 
/var/log/messages and the ring buffer.

Kirk

Ted Kaczmarek wrote:
> On Mon, 2005-10-17 at 09:19 -0700, Kirk Bocek wrote:
> 
>>Since updating to 4.2 my Opteron server has been flooded by messages like:
>>
>>audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM session open: 
>>user=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron result=Success)'
>>
>>to both /var/log/messages and the kernel ring buffer. Looks like they are being 
>>generated by cron jobs being run on the server.
>>
>>Does anyone know how to turn these messages off or to redirect them?
>>
>>Kirk
>>
>>_______________________________________________
> 
> Man I am glad you posted this, guess I will be staying on 4.1 for a
> while :-)
> 
> Ted
> 
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux