Date: Tue, 27 Jan 2009 12:37:41 -0800 (PST)
From: Martin Badie <martinbadie@yahoo.com>
To: freebsd-questions@freebsd.org
Subject: audit not working
Message-ID: <699775.55525.qm@web59906.mail.ac4.yahoo.com>

Hi,
I am trying to get audit logs but I can't, and frankly I haven't been able to find out what is wrong with my conf files:

audit_control:

    dir:/var/audit
    flags:lo,+ex
    minfree:20
    naflags:lo
    policy:cnt,argv
    filesz:0

audit_warn:

    logger -p security.warning "audit warning: $@"
    #
    # Compress audit trail files on close.
    #
    if [ "$1" = closefile ]; then
        gzip -9 $2
    fi

My audit_user file is empty and the other 2 files are untouched. But the only record I get is:

    header,93,10,audit startup,0,Tue Jan 27 22:34:14 2009, + 916 msec
    subject,root,root,wheel,root,wheel,1571,1571,0,0.0.0.0
    text,auditd::Audit startup
    return,success,0
    trailer,93

praudit /dev/auditpipe also doesn't give me real-time logs. One last point is that sometimes with the configuration above I get some command execution lines, but not all of them, so I couldn't figure out what is wrong with my config.

I would appreciate it if someone on this list can help me.

Regards.
