From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael C Thompson <thompsmc@us.ibm.com>
Subject: Re: file watch and stat
Date: Mon, 02 Oct 2006 16:22:17 -0500
Message-ID: <45218309.7050900@us.ibm.com>
References: <45216583.6060405@us.ibm.com> <20061002201116.GA17635@fc.hp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])
	by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id
	k92LMSaW002261
	for <linux-audit@redhat.com>; Mon, 2 Oct 2006 17:22:28 -0400
Received: from e5.ny.us.ibm.com (e5.ny.us.ibm.com [32.97.182.145])
	by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id
	k92LMR9L026168
	for <linux-audit@redhat.com>; Mon, 2 Oct 2006 17:22:27 -0400
Received: from d01relay02.pok.ibm.com (d01relay02.pok.ibm.com [9.56.227.234])
	by e5.ny.us.ibm.com (8.13.8/8.12.11) with ESMTP id k92LML5q027039
	for <linux-audit@redhat.com>; Mon, 2 Oct 2006 17:22:21 -0400
Received: from d01av03.pok.ibm.com (d01av03.pok.ibm.com [9.56.224.217])
	by d01relay02.pok.ibm.com (8.13.6/8.13.6/NCO v8.1.1) with ESMTP id
	k92LMJjV270306
	for <linux-audit@redhat.com>; Mon, 2 Oct 2006 17:22:21 -0400
Received: from d01av03.pok.ibm.com (loopback [127.0.0.1])
	by d01av03.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id
	k92LMJmh029156
	for <linux-audit@redhat.com>; Mon, 2 Oct 2006 17:22:19 -0400
Received: from [127.0.0.1] (pendarric.austin.ibm.com [9.41.46.108])
	by d01av03.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id
	k92LMIrE029120
	for <linux-audit@redhat.com>; Mon, 2 Oct 2006 17:22:19 -0400
In-Reply-To: <20061002201116.GA17635@fc.hp.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Amy Griffis wrote:
> Michael C Thompson wrote:  [Mon Oct 02 2006, 03:16:19PM EDT]
>> Hey all,
>>
>> I'm trying to figure out why having a watch a on file is not generating 
>> a record when I stat said file.
>>
>> Put a watch on a file, and do stat file.
>>
>> No record... I'm not sure why this is happening, isn't getting such 
>> information considered security relevant?
> 
> What is your audit rule?

auditctl -w /path/to/file

Mike