On Mon, 05.03.12 14:29, Rainer Gerhards (rgerha...@gmail.com) wrote:
> > Note that on F17 (and most likely for much longer) systemd does not take
> > control of /proc/kmsg and leaves that to syslog-ng/rsyslog.
>
> Sure, but the question was with a bit broader scope, assuming this
> will change in
On Sun, Mar 4, 2012 at 11:37 PM, Lennart Poettering
wrote:
> On Thu, 23.02.12 17:54, Rainer Gerhards (rgerha...@gmail.com) wrote:
>
>> Hi,
>>
>> I am thinking on how to detect potential fake messages, claiming to be
>> e.g. from the audit subsystem. Let's assume
>> - auditd is stopped --> audit me
On Thu, 23.02.12 17:54, Rainer Gerhards (rgerha...@gmail.com) wrote:
> Hi,
>
> I am thinking on how to detect potential fake messages, claiming to be
> e.g. from the audit subsystem. Let's assume
> - auditd is stopped --> audit messages are put into the kernel log
> - journald controls /dev/kmsg
Hi,
I am thinking on how to detect potential fake messages, claiming to be
e.g. from the audit subsystem. Let's assume
- auditd is stopped --> audit messages are put into the kernel log
- journald controls /dev/kmsg and provides these via the the journal
log socket to syslogd
- syslogd uses SCM_CR
