On 14/01/20, Steve Grubb wrote:
> On Mon, 20 Jan 2014 12:36:27 -0500
> Richard Guy Briggs <[email protected]> wrote:
>
> > > Can I ask kauditd not print anything if user space program cannot
> > > handle that much message?
> >
> > Sure, on the kernel boot line you can set audit=0 to disable kaudit,
> > or you can tell the init system to not start auditd.
>
> what if someone never wants events to go to syslog?

Then we need to add a new feature to kaudit to stop them. This also begs the question of what happens to AUDIT_USER_AVC messages... This patchwork is messy.

> -Steve

- RGB

--
Richard Guy Briggs <[email protected]>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
