On Friday, September 1, 2017 8:58:47 AM EDT Maupertuis Philippe wrote: > The 30-pci-dss-v31.rules in the doc directory contains the following > statement : ## 10.2.6 Verify the following are logged: > ## Initialization of audit logs > ## Stopping or pausing of audit logs. > ## These are handled implicitly by auditd > > This very good since nothing need to be done, but how can I actually find > when these events occur ?
DAEMON_START DAEMON_END > I am not sure what means "pausing of audit logs", > can we really "pause" auditd ? In a sense you can by stopping the service. -Steve -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit