However, the kernel audit framework will instead dispatch
the audit messages to an audit daemon if one is present;
This is good to know. I am working on the audit daemon and noticed that avc
messages usually wind up in syslog *even if* the audit daemon is running. I see
"real" audit messages going to /var/log/audit.log and scrolling dbus avc messages
in /var/log/messages both at the same time.
Not sure how the kernel decides where to send each of these...but they do go to
different places on my machine.
-Steve Grubb