On 4/6/21 8:55 AM, Steve Grubb wrote:
> On Tuesday, April 6, 2021 9:03:50 AM EDT Alan Evangelista wrote:
>> Hi! I was using auditbeat to connect to the audit kernel module and get
>> filesystem operations events from it. However, as I discussed in another
>> thread, it seems that the audit events
On Tuesday, April 6, 2021 9:03:50 AM EDT Alan Evangelista wrote:
> Hi! I was using auditbeat to connect to the audit kernel module and get
> filesystem operations events from it. However, as I discussed in another
> thread, it seems that the audit events kernel queue is buggy in kernel 3.1,
> the k
Hi! I was using auditbeat to connect to the audit kernel module and get
filesystem operations events from it. However, as I discussed in another
thread, it seems that the audit events kernel queue is buggy in kernel 3.1,
the kernel version available on CentOS 7. This means that if
auditbeat crashes
