Oracle Linux: Audit Rules Fail to Generate Audit Records in audit.log
(Doc ID 2833328.1)
Last updated on JANUARY 13, 2022
Applies to:Linux OS - Version Oracle Linux 6.1 and later
Linux ARM 64-bit
Linux auditing (auditd(8)) was recently enabled and configured on an Oracle Linux system. An audit rule is set to monitor activity against a specific directory. Audit entries fail to generate despite activity having occurred against the directory. Note that the lack of audit records may occur for any audit rule(s) defined.
In the following example, an audit rule with key testdir is created to monitor activity performed against directory /path/to/testdir:
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document