Find the answer to your Linux question:
Results 1 to 2 of 2
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Auditing-Can't start auditd


    Thanks in advance for your time. I've been struggling with getting auditd to start for a couple of weeks now (I used to use Snare to audit my RHEL 6 system, now I want to switch over to using auditd and aureport). When I run
    Code:
    service auditd start
    or
    Code:
    service auditd restart
    it tells me it FAILED. I have already run
    Code:
    chmod 750 /var/log/audit
    and
    Code:
    dnf reinstall audit
    . I have also tried
    Code:
    /sbin/auditd
    and
    Code:
    /etc/initd.d/auditd start
    I am logged in as admin, and have already run
    Code:
    su
    /var/log/messages didn't have any errors that appeared to pertain to this issue.

    Is there something I'm missing, or something else I could try? My audit.conf file appears to be in good shape, and /var/log/audit.log was created.

    Thanks again for any assistance you can provide.

  2. #2
    Quote Originally Posted by DJ_Thrive View Post
    Thanks in advance for your time. I've been struggling with getting auditd to start for a couple of weeks now (I used to use Snare to audit my RHEL 6 system, now I want to switch over to using auditd and aureport). When I run
    Code:
    service auditd start
    or
    Code:
    service auditd restart
    it tells me it FAILED. I have already run
    Code:
    chmod 750 /var/log/audit
    and
    Code:
    dnf reinstall audit
    . I have also tried
    Code:
    /sbin/auditd
    and
    Code:
    /etc/initd.d/auditd start
    I am logged in as admin, and have already run
    Code:
    su
    /var/log/messages didn't have any errors that appeared to pertain to this issue.

    Is there something I'm missing, or something else I could try? My audit.conf file appears to be in good shape, and /var/log/audit.log was created.

    Thanks again for any assistance you can provide.
    yea you didnt configure it right and havent posted anything that gives any ideas about why. and using rhel6 means you need to call redhat. your paying for it arent you or are you expecting us to give you free support on a commercial product?

    and if youve spent WEEKS doing a simple config you can stop now. you clearly dont have the skills.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •