e4rat-collect not working with audit

Anonymous
2011-08-19
2013-05-28
  • Anonymous - 2011-08-19

    I am having trouble getting e4rat-collect to create startup.log.
    I added init=/sbin/e4rat-collect to my grub bootup, and dmesg says (verbose 31):
      Connecting to the audit socket …
      Cannot insert rules: Invalid argument
      Cannot insert rules: Invalid argument
      Execute `/sbin/init' …
      Stop collecting files automatically after 120 seconds
      Starting event processing …

    type=1305 audit(1313482915.297:3): audit_enabled=0 old=1 auid=4294967295 ses=4294967295 res=1
      0 file(s) collected

    I am on kernel 3.0.1-ck with auditing and system-call auditing enabled.  Also, auditd is installed (and not running in rc.conf)

     
  • conso

    conso - 2011-08-21

    What does -ck in your kernel version stands for? I've never heard that before.

    OK, to solve the issue make sure that you have the CONFIG_AUDITSYSCALL option set.

     
  • Nobody/Anonymous

    and this fixed it.  thank you.

     
  • Nobody/Anonymous

    In ArchLinux, "-ck" suffix indicates Con Kolivas' BFS patch applied.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks