From: Steve Grubb
To: Rakesh Kumar
Cc: "linux-audit@redhat.com"
Subject: Re: auditd not logging proper log.
Date: Sun, 08 Aug 2021 23:19:52 -0400

On Sunday, August 8, 2021 1:48:00 PM EDT you wrote:
> The user login/logout information is being logged into auth.log file but
> not being logged into audit.log. It means that sshd, pam configuration is
> working for auth.log file then why it's not working for audit.log, so where
> could be the problem, for this not being logged into audit.log file.
> Where should I investigate?

As I said, the build logs.

Listen, do not keep sending emails saying this is not working please help. I have no idea what distribution you are using or if you have even contacted them. If you are using a distribution, please contact them.

You point to syslog and ask why audit is not working. Audit doesn't send to syslog, it sends to auditd unless auditd is not running. Is it?

Audit is working for all distributions I know of. If it's not working for you, it is incumbent on you to explain what your system is using and how you've checked it. Try ldd for example to see if pam is actually linked against libaudit.

-Steve

--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
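
The two checks named in the reply above (is auditd running, and is PAM linked against libaudit), as an added example that is not part of the original message. The function names are hypothetical, the ldd samples are constructed, and it assumes libpam can be located through `ldconfig -p` and sshd through PATH.

```shell
#!/bin/sh
# Added example: is auditd running, and do libpam/sshd link against libaudit?

# Classify `ldd` output read from stdin:
#   linked  - libaudit is a dependency and resolves to a file
#   missing - libaudit is a dependency but the loader cannot find it
#   absent  - no libaudit dependency (object built without audit support)
libaudit_status() {
    awk '
        /libaudit\.so/ { seen = 1; if ($0 ~ /not found/) broken = 1 }
        END {
            if (!seen)       print "absent"
            else if (broken) print "missing"
            else             print "linked"
        }'
}

# Run ldd on one object and report its libaudit status.
check_object() {
    if [ ! -e "$1" ]; then echo "$1: not present"; return 0; fi
    echo "$1: libaudit $(ldd "$1" 2>/dev/null | libaudit_status)"
}

# Audit records go to auditd, so check that the daemon is there to receive them.
auditd_state() {
    if pgrep -x auditd >/dev/null 2>&1; then echo running; else echo stopped; fi
}

report() {
    echo "auditd: $(auditd_state)"
    for obj in "$@"; do
        [ -n "$obj" ] || continue   # skip objects that could not be located
        check_object "$obj"
    done
}

# Constructed ldd samples (not captured from a real system).
SAMPLE_LINKED='  libaudit.so.1 => /lib64/libaudit.so.1 (0x00007f0000000000)
  libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)'
SAMPLE_MISSING='  libaudit.so.1 => not found
  libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)'
SAMPLE_ABSENT='  libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)'

# Assumption: libpam is in the linker cache and sshd is on PATH; either may be absent.
LIBPAM=$(ldconfig -p 2>/dev/null | awk '/libpam\.so\.0/ { print $NF; exit }')
report "$LIBPAM" "$(command -v sshd 2>/dev/null)"
```

A result of `absent` for libpam points back at how the package was built, which is what the build logs would confirm.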