* What constitutes -f failure?
@ 2013-10-29 19:51 leam hall
2013-10-29 20:17 ` Steve Grubb
0 siblings, 1 reply; 3+ messages in thread
From: leam hall @ 2013-10-29 19:51 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 267 bytes --]
The -f flag is set to 0, 1, or 2 and specifies what to do on failure. Is
that "failure" any logging event? Or just logging events when the backlog
is higher than whatever the -b option sets it to?
Thanks!
Leam
--
Mind on a Mission <http://leamhall.blogspot.com/>
[-- Attachment #1.2: Type: text/html, Size: 405 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: What constitutes -f failure?
2013-10-29 19:51 What constitutes -f failure? leam hall
@ 2013-10-29 20:17 ` Steve Grubb
2013-10-29 20:21 ` leam hall
0 siblings, 1 reply; 3+ messages in thread
From: Steve Grubb @ 2013-10-29 20:17 UTC (permalink / raw)
To: linux-audit
On Tuesday, October 29, 2013 03:51:53 PM leam hall wrote:
> The -f flag is set to 0, 1, or 2 and specifies what to do on failure. Is
> that "failure" any logging event? Or just logging events when the backlog
> is higher than whatever the -b option sets it to?
>
> Thanks!
>
> Leam
>From the auditctl man page:
This option lets you
determine how you want the kernel to handle critical errors.
Example conditions where this flag is consulted includes: trans‐
mission errors to userspace audit daemon, backlog limit
exceeded, out of kernel memory, and rate limit exceeded. The
default value is 1.
This is only for the kernel. User space error handling is dictated by the
*_action settings in auditd.conf.
-Steve
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: What constitutes -f failure?
2013-10-29 20:17 ` Steve Grubb
@ 2013-10-29 20:21 ` leam hall
0 siblings, 0 replies; 3+ messages in thread
From: leam hall @ 2013-10-29 20:21 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 1056 bytes --]
Steve, thanks!
Leam
On Tue, Oct 29, 2013 at 4:17 PM, Steve Grubb <sgrubb@redhat.com> wrote:
> On Tuesday, October 29, 2013 03:51:53 PM leam hall wrote:
> > The -f flag is set to 0, 1, or 2 and specifies what to do on failure. Is
> > that "failure" any logging event? Or just logging events when the backlog
> > is higher than whatever the -b option sets it to?
> >
> > Thanks!
> >
> > Leam
>
> From the auditctl man page:
>
> This option lets you
> determine how you want the kernel to handle critical
> errors.
> Example conditions where this flag is consulted includes:
> trans‐
> mission errors to userspace audit daemon, backlog
> limit
> exceeded, out of kernel memory, and rate limit exceeded.
> The
> default value is 1.
>
> This is only for the kernel. User space error handling is dictated by the
> *_action settings in auditd.conf.
>
> -Steve
>
--
Mind on a Mission <http://leamhall.blogspot.com/>
[-- Attachment #1.2: Type: text/html, Size: 1639 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-10-29 20:21 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-10-29 19:51 What constitutes -f failure? leam hall
2013-10-29 20:17 ` Steve Grubb
2013-10-29 20:21 ` leam hall
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.