e4rat-collect not working with audit

  • Anonymous

    Anonymous - 2011-08-19

    I am having trouble getting e4rat-collect to create startup.log.
    I added init=/sbin/e4rat-collect to my grub bootup, and dmesg says (verbose 31):
      Connecting to the audit socket …
      Cannot insert rules: Invalid argument
      Cannot insert rules: Invalid argument
      Execute `/sbin/init' …
      Stop collecting files automatically after 120 seconds
      Starting event processing …

    type=1305 audit(1313482915.297:3): audit_enabled=0 old=1 auid=4294967295 ses=4294967295 res=1
      0 file(s) collected

    I am on kernel 3.0.1-ck with auditing and system-call auditing enabled.  Also, auditd is installed (and not running in rc.conf)

  • conso

    conso - 2011-08-21

    What does -ck in your kernel version stands for? I've never heard that before.

    OK, to solve the issue make sure that you have the CONFIG_AUDITSYSCALL option set.

  • Nobody/Anonymous

    and this fixed it.  thank you.

  • Nobody/Anonymous

    In ArchLinux, "-ck" suffix indicates Con Kolivas' BFS patch applied.


Log in to post a comment.