On Wednesday 23 July 2008 18:30:45 LC Bruzenak wrote:
> So my questions are:
> 1: duplicate records above - expected or correct since there were two
> matches - the AVC and also the command?

You'd have to look at the logs to figure that out. ausearch doesn't buffer 
events past one miscompare.

> 2: why is ausearch producing the AVCs?

Maybe you need to be secadmin or auditadmin?

-Steve

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
