From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D055C4338F for ; Sun, 8 Aug 2021 13:42:29 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id BC59060EE7 for ; Sun, 8 Aug 2021 13:42:28 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org BC59060EE7 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=tempfail smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1628430147; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=84DuUiOzkLBDPd+2M0He8pB7gacS4geV7O5gGcuFduM=; b=iWGhuO9eH4jq4JZ7TFvj9mAbM40c31sNyY6Hn2b9GKO779TY2DiljDw7jSbyQCGA+GOjIQ bUsWZyiJ/LhfDLNydUXpbNkJL9o6ZiTOvWl8VgolLon5lUX6zsx6O+C3TDDRsUHUeqpc3k h0zCnONh3DdAARX0v486jbjtYtLgPcU= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-32-iaA_L8yiNCm1850b2K1ciw-1; Sun, 08 Aug 2021 09:42:25 -0400 X-MC-Unique: iaA_L8yiNCm1850b2K1ciw-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5A1141853026; Sun, 8 Aug 2021 13:42:22 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5A4975D6B1; Sun, 8 Aug 2021 13:42:20 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4AE8A4BB7C; Sun, 8 Aug 2021 13:42:17 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 178DgFnh030759 for ; Sun, 8 Aug 2021 09:42:15 -0400 Received: by smtp.corp.redhat.com (Postfix) id 0C443608BA; Sun, 8 Aug 2021 13:42:15 +0000 (UTC) Received: from x2.localnet (unknown [10.22.8.35]) by smtp.corp.redhat.com (Postfix) with ESMTP id B38EF6F97F; Sun, 8 Aug 2021 13:42:11 +0000 (UTC) From: Steve Grubb To: "linux-audit@redhat.com" , Rakesh Kumar Subject: Re: auditd not logging proper log. Date: Sun, 08 Aug 2021 09:42:10 -0400 Message-ID: <5527289.DvuYhMxLoT@x2> Organization: Red Hat In-Reply-To: <1380684812.550511.1628311676103@mail.yahoo.com> References: <94614270.1103019.1625898535256.ref@mail.yahoo.com> <2108221.irdbgypaU6@x2> <1380684812.550511.1628311676103@mail.yahoo.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: linux-audit@redhat.com X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit On Saturday, August 7, 2021 12:47:56 AM EDT Rakesh Kumar wrote: > 1)I am using this version of auditctl version 2.4.4 . So does this version > has the user login/logout info to log into audit.log ? This is not the responsibility of auditd. Auditd provides libaudit. Applications use that to create log events. It is the reposibility of system entry point daemons to log the event. User login events have been supported as long as I can remember. > 2) If u to want to see the pam.d/login file configuration to check why its > not logging the login/logout info then please let me know about this, It's not configurable by an end user. Its configured at compile time. You would want to look at the build logs for pam and entrypoint daemons such as sshd, gdm, kdm, etc. -Steve -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit