
Oracle Linux: Audit Rules Fail to Generate Audit Records in audit.log (Doc ID 2833328.1)

Last updated on JANUARY 13, 2022

Applies to:

Linux OS - Version Oracle Linux 6.1 and later
Linux x86-64
Linux x86
Linux ARM 64-bit


Linux auditing (auditd(8)) was recently enabled and configured on an Oracle Linux system. An audit rule is set to monitor activity against a specific directory. No audit records are generated even though activity has occurred against the directory. Note that the lack of audit records may occur for any audit rule(s) defined, not only the directory rule described here.

In the following example, an audit rule with key testdir is created to monitor activity performed against directory /path/to/testdir:



