Hi, I'm not sure if this is the default behavior,
I'm using audit 2.3.2, and I've configured auditd not to log anything (NOLOG option), and I set the queue buffer to 10240 messages. When the buffer is full or auditd is suddenly killed or for some other reason, it seems to write a lot of things to dmesg or /var/log/messages So, did kauditd wrote all these? I already killed auditd process but I can still see logs piling up. Can I ask kauditd not print anything if user space program cannot handle that much message? -- Best Regards, Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/ Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
