From: "Timothy R. Chavez"
To: Ameel Kamboh
Cc: linux-audit@redhat.com
Subject: Re: Audit messages on console
Date: Fri, 03 Aug 2007 14:08:12 -0500
Message-ID: <1186168092.27344.22.camel@localhost.localdomain>
In-Reply-To: <1186167288.27344.20.camel@localhost.localdomain>
References: <95470FF653FF324C8171194A81299CE01557491A@zrc2hxm2.corp.nortel.com> <1186167288.27344.20.camel@localhost.localdomain>
List-Id: linux-audit@redhat.com

On Fri, 2007-08-03 at 13:54 -0500, Timothy R. Chavez wrote:
> On Fri, 2007-08-03 at 13:26 -0500, Ameel Kamboh wrote:
> > I notice that if the auditd service is not running,
> > I see all my audit logs go out on the console,
> > When I start auditd service they go to the appropriate log file.
> > Is there a way to turn this off in the kernel?
> >
> >
>
> Hi Ameel,
>
> If audit is enabled, but auditd isn't running, the audit records will be
> delivered to userspace via printk (KERN_NOTICE <5>). So perhaps you'll
> just need to edit /etc/sysconfig and route kern.5 accordingly? If you

Erm, /etc/syslog.conf

-tim
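
Added example, not part of the original message or of the audit project's code: a Python sketch that separates audit records from other kernel messages in raw kernel log lines, keyed on the `<5>` (KERN_NOTICE) priority mentioned above. The `type=N audit(timestamp:serial):` record layout, the function name `split_kernel_log` and the sample lines are assumptions constructed for illustration.

```python
import re

KERN_NOTICE = 5  # the printk level named in the message above

# Assumed raw kernel-log layout: "<prio>text".
# Assumed layout of an audit record emitted via printk:
#   "type=<n> audit(<epoch>.<ms>:<serial>): <body>"
LINE_RE = re.compile(r"^<(\d+)>(.*)$")
AUDIT_RE = re.compile(r"^type=(\d+) audit\((\d+\.\d+):(\d+)\): ?(.*)$")


def split_kernel_log(lines):
    """Return (audit_records, other_lines) from raw kernel log lines."""
    audit, other = [], []
    for raw in lines:
        raw = raw.rstrip("\n")
        m = LINE_RE.match(raw)
        if not m:
            other.append(raw)  # unprefixed or continuation line
            continue
        prio = int(m.group(1)) & 7  # low 3 bits carry the severity
        rec = AUDIT_RE.match(m.group(2)) if prio == KERN_NOTICE else None
        if rec:
            audit.append({"type": int(rec.group(1)),
                          "time": float(rec.group(2)),
                          "serial": int(rec.group(3)),
                          "body": rec.group(4)})
        else:
            other.append(raw)
    return audit, other


# Constructed sample input (not captured from a real system).
SAMPLE = [
    "<6>eth0: link up",
    "<5>type=1300 audit(1186167288.123:45): arch=40000003 syscall=5 success=yes",
    "<5>type=1400 audit(1186167290.456:46): avc:  denied  { read } for pid=812",
    "<5>Some other notice-level kernel message",
    "<4>audit(1186167291.000:47): similar text, but not notice level",
]

if __name__ == "__main__":
    records, rest = split_kernel_log(SAMPLE)
    for r in records:
        print(r["serial"], r["type"], r["body"])
    print(len(rest), "non-audit lines")
```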