LinuxQuestions.org


kanishka.dutta 03-21-2013 05:51 AM

Linux kernel Audit support
 
I have enabled the Linux kernel audit support and am able to get the audit.log file properly.

But I need to check for a particular scenario where my Linux machine goes to deep sleep and then wakes up from that state. I need to collect the logs during this transition. Meaning to say - I would like to audit which files/processes are getting audited during this transition (wake up from deep sleep).

Please let me know what else I should do along with enabling the Linux kernel audit support?

unSpawn 03-22-2013 02:52 AM

Quote:

Originally Posted by kanishka.dutta (Post 4915864)
(..) I would like to audit which files/processes are getting audited during this transition (wake up from deep sleep).

Which files and processes are getting audited depends on your audit.rules contents and if those rules are loaded. Your problem is that while the audit service doesn't run, messages (should) get pushed to syslog instead of audit.log, and additionally that until the Syslog service runs it won't store messages anyway. Increasing the message buffer may help to some extent.
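
The point above about records landing in syslog while auditd is not running, as an added example that is not part of the original thread: a Python script that reads audit records from both audit.log lines and kernel syslog lines and lists what was audited in a time window around the wake-up. The sample lines, the paths in them and the window bounds are constructed; 1300, 1302 and 1307 are the kernel's numeric codes for SYSCALL, PATH and CWD records.

```python
import re
from collections import Counter

# auditd writes "type=SYSCALL msg=audit(ts:serial):"; with auditd down the
# kernel logs "type=1300 audit(ts:serial):" to syslog. Match both forms.
HEADER = re.compile(r"type=(\w+)\s+(?:msg=)?audit\((\d+\.\d+):(\d+)\):")
FIELD = re.compile(r'\b(comm|exe|name)="([^"]*)"')  # quoted values only
KERNEL_TYPES = {"1300": "SYSCALL", "1302": "PATH", "1307": "CWD"}  # linux/audit.h

def parse(line):
    """Return (timestamp, serial, type, fields), or None for non-audit lines."""
    m = HEADER.search(line)
    if not m:
        return None
    rtype = KERNEL_TYPES.get(m.group(1), m.group(1))
    return float(m.group(2)), int(m.group(3)), rtype, dict(FIELD.findall(line))

def events_in_window(lines, start, end):
    """Group records by (timestamp, serial) event ID for start <= ts <= end."""
    events = {}
    for line in lines:
        rec = parse(line)
        if rec and start <= rec[0] <= end:
            ts, serial, rtype, fields = rec
            events.setdefault((ts, serial), {})[rtype] = fields  # last PATH wins
    return dict(sorted(events.items()))

def summarize(events):
    """Count (exe, path) pairs seen in the window."""
    out = Counter()
    for ev in events.values():
        exe = ev.get("SYSCALL", {}).get("exe", "?")
        path = ev.get("PATH", {}).get("name", "?")
        out[(exe, path)] += 1
    return out

# Constructed sample: two syslog lines (auditd not yet running after resume),
# one unrelated kernel line, one event before the window, two audit.log lines.
SAMPLE = [
    'Mar 21 05:00:05 host kernel: type=1300 audit(1363860005.250:100): syscall=2 pid=640 comm="resume-hook" exe="/usr/bin/resume-hook"',
    'Mar 21 05:00:05 host kernel: type=1302 audit(1363860005.250:100): item=0 name="/etc/shadow" inode=77',
    'Mar 21 05:00:06 host kernel: PM: resume of devices complete',
    'type=SYSCALL msg=audit(1363859000.000:90): syscall=2 pid=500 comm="ls" exe="/bin/ls"',
    'type=SYSCALL msg=audit(1363860010.500:101): syscall=2 pid=812 comm="cat" exe="/bin/cat" key="wake"',
    'type=PATH msg=audit(1363860010.500:101): item=0 name="/etc/passwd" inode=1234',
]

if __name__ == "__main__":
    for (exe, path), n in summarize(events_in_window(SAMPLE, 1363860000.0, 1363860060.0)).items():
        print(n, exe, path)
```
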

kanishka.dutta 04-10-2013 04:57 AM

Thanks for the response.

I am able to get the audit.log(s) files now. I would like to know, why are there no daemon process entries in the log file? Are there any specific settings/configurations that we need to do, in order to track the daemon processes as well?

Please guide ...

