When stopping and starting the audit daemon I noticed that the
DAEMON_END audit record contains a subject field. However,
ausearch does not find the record when you perform a search for the
subject. Shouldn't ausearch be able to find the record if it
contains a subject? The DAEMON_START audit record doesn't
contain a subject and this seems a little bit inconsistent. Should
it contain a subject value or does it and the DAEMON_END record
really not require a subject (and thus ausearch not supporting
searching that record by subject)?
Thanks,
Tom Lendacky ([EMAIL PROTECTED])
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
