Steve, thanks! Leam
On Tue, Oct 29, 2013 at 4:17 PM, Steve Grubb <sgr...@redhat.com> wrote: > On Tuesday, October 29, 2013 03:51:53 PM leam hall wrote: > > The -f flag is set to 0, 1, or 2 and specifies what to do on failure. Is > > that "failure" any logging event? Or just logging events when the backlog > > is higher than whatever the -b option sets it to? > > > > Thanks! > > > > Leam > > From the auditctl man page: > > This option lets you > determine how you want the kernel to handle critical > errors. > Example conditions where this flag is consulted includes: > transā > mission errors to userspace audit daemon, backlog > limit > exceeded, out of kernel memory, and rate limit exceeded. > The > default value is 1. > > This is only for the kernel. User space error handling is dictated by the > *_action settings in auditd.conf. > > -Steve > -- Mind on a Mission <http://leamhall.blogspot.com/>
-- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit