[CentOS] Kernel Audit Messages
Kirk Bocek
t004 at kbocek.com
Mon Oct 17 22:32:25 UTC 2005
Well, Ted, it's not really that bad. A little RTFM (or release notes in
this case) and it was fixed. All I had to do was start the auditd
user-space tools and the messages are logged to
/var/log/audit/audit.log. All I wanted was to get them out of
/var/log/messages and the ring buffer.
Kirk
Ted Kaczmarek wrote:
> On Mon, 2005-10-17 at 09:19 -0700, Kirk Bocek wrote:
>
>>Since updating to 4.2 my Opteron server has been flooded by messages like:
>>
>>audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM session open:
>>user=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron result=Success)'
>>
>>to both /var/log/messages and the kernel ring buffer. Looks like they are being
>>generated by cron jobs being run on the server.
>>
>>Does anyone know how to turn these messages off or to redirect them?
>>
>>Kirk
>>
>>_______________________________________________
>
> Man I am glad you posted this, guess I will be staying on 4.1 for a
> while :-)
>
> Ted
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
More information about the CentOS
mailing list