Re: iptables changes triggering audit messages, despite auditd not being installed

Firstly, apologies for double-posting the issue originally. On 5 May 2016 at 13:05, shawn wilson wrote: > > On May 5, 2016 6:03 AM, "Tony Evans" wrote: >> > >> I can't find why the log entries are being created (i.e. I know the >> trigger, but I can

iptables changes generating audit entries in kern.log despite auditd not being installed

pace of 2 minutes 3. iptables changes now generate the above log entries in kern.log 4. reinstalled auditd, and the messages stop, despite fail2ban still making iptables updates during this period 5. remove auditd and the messages return immediately Anyone have any suggestions on where to look?

iptables changes triggering audit messages, despite auditd not being installed

and an identically timestamped entry shows up in kern.log Any offers about where to look? -- Tony Evans 'A learning experience is one of those things that say, "You know that thing you just did? Don't do that."' Douglas Adams. Photos: http://www.flickr.com/photos/eightbittony/ | Blog: http://perceptionistruth.com/