On Thursday, July 13, 2017 4:54:39 PM EDT Richard Guy Briggs wrote: > In the process of creating/updating the audit message/record type > dictionary, I stumbled on the following two message types missing from > ausearch -m text: > > This one is in the userspace header file. What is its meaning and is it > a printable record? > > AUDIT_DAEMON_RECONFIG,1204,Auditd should reconfigure
This is an internal only message that never gets written to disk. This gets changed into DAEMON_CONFIG and that is what is on-disk. > This was added to test if a daemon was still listening and should be > logged that an attempt was made to replace it. > > AUDIT_REPLACE,1329,Replace auditd if this probe unanswerd These are discarded. -Steve -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
