Thank you for your advice.

Yes. I patched auditd to my kernel referring
http://selinuxproject.org/page/NB_SEforAndroid_1#auditd_Daemon

I am finding writing logs to both sides (/data/misc/audit and kernel log)
but it is not easy to find the way.

Thank you
Best regards

2013/11/9 Joshua Brindle <[email protected]>

>  Jaejyn Shin wrote:
>
>> I apply auditd to my android, and the violation logs are written in the
>> /data/misc/audit directory successfully.
>> But the logs are not written in the kernel log if I use the auditd .
>> I want to write logs in the both of paths, kernel log and /data/misc/audit
>> Is it possible?
>>
>
> If you patch your kernel, perhaps.
>
> On Linux, in general, once something connects to the audit netlink socket
> certain logs stop going to the kernel ring buffer and only go to auditd.
>
>

Reply via email to