From owner-freebsd-questions@FreeBSD.ORG Fri Dec 7 22:10:56 2007
Date: Fri, 07 Dec 2007 16:10:54 -0600
From: Paul Schmehl
To: FreeBSD Questions
Message-ID: <0C62124225962A54433BE453@utd59514.utdallas.edu>
In-Reply-To: <1150.192.168.13.35.1197063661.squirrel@www.boosten.org>
References: <1DD9ABE123D4CF6F937ADD62@utd59514.utdallas.edu> <1150.192.168.13.35.1197063661.squirrel@www.boosten.org>
Subject: Re: Problems with auditd

--On Friday, December 07, 2007 22:41:01 +0100 Peter Boosten wrote:

> On Fri, December 7, 2007 22:06, Paul Schmehl wrote:
>> I upgraded my system from 6.0 RELEASE to 6.2 RELEASE by cvsupping the
>> files and then running buildkernel/buildworld as usual. Since doing
>> that, auditd will not run, even though I have auditd_enable="YES" in
>> /etc/rc.conf. I've been reading online posts about auditd and auditing
>> (as well as the man pages) but I haven't found what the problem is.
>>
>> If I run audit -s, I get this:
>> root@utd59514# audit -s
>> Error sending trigger: Function not implemented
>>
>>
>
> Did you compile the audit option into the kernel?
>
> options AUDIT
>
> Peter

Apparently not. I compiled the GENERIC kernel, and it does not appear to have
that option. Strange. You would think, if the system is going to install the
daemon, it would have that option in the GENERIC kernel. :-(

--
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
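
An added example, not part of the original message and not FreeBSD's own tooling: a shell check for the mismatch diagnosed in this thread, where rc.conf enables auditd but the kernel configuration does not end up with `options AUDIT`. The function names, result strings and sample files are constructed for illustration; the parser assumes the `include` and `nooptions` kernel config directives and follows them.

```shell
#!/bin/sh
# Added example (not from the thread): does a kernel config end up with AUDIT?

# kernconf_has_audit FILE: exit 0 if "options AUDIT" is in effect, else 1.
# Follows "include" lines and lets a later "nooptions AUDIT" cancel it.
kernconf_has_audit() {
    awk -v dir="$(dirname "$1")" -v top="$(basename "$1")" '
    function scan(file,    path, line, n, i, w) {
        path = (file ~ /^\//) ? file : dir "/" file
        while ((getline line < path) > 0) {
            sub(/#.*/, "", line)                 # drop comments
            gsub(/[,"]/, " ", line)              # commas and quotes act as blanks
            n = split(line, w, " ")
            if (n < 2) continue
            if (w[1] == "include") { scan(w[2]); continue }
            if (w[1] !~ /^(no)?options?$/) continue
            for (i = 2; i <= n; i++) {
                sub(/=.*/, "", w[i])             # NAME=value -> NAME
                if (w[i] == "AUDIT") audit = (w[1] ~ /^options?$/)
            }
        }
        close(path)
    }
    BEGIN { scan(top); exit !audit }'
}

# audit_status RCCONF KERNCONF: prints ok, auditd-disabled or kernel-missing-audit.
audit_status() {
    if ! grep -Eq '^[[:space:]]*auditd_enable="?[Yy][Ee][Ss]"?' "$1"; then
        echo auditd-disabled
    elif kernconf_has_audit "$2"; then
        echo ok
    else
        echo kernel-missing-audit    # the state reported in the thread
    fi
}

# Constructed sample files (not real FreeBSD configs), written to a temp dir.
make_samples() {
    D=$(mktemp -d)
    printf 'auditd_enable="YES"\n' > "$D/rc.conf"
    printf 'ident GENERIC\noptions \tINET\t\t# networking\n#options \tAUDIT\n' > "$D/GENERIC"
    printf 'include GENERIC\nident AUDITED\noptions \tAUDIT\n' > "$D/AUDITED"
    printf 'include AUDITED\nnooptions AUDIT\n' > "$D/STRIPPED"
}

make_samples
for k in GENERIC AUDITED STRIPPED; do
    echo "$k: $(audit_status "$D/rc.conf" "$D/$k")"
done
```
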