Problems with auditd

Paul Schmehl pauls at
Fri Dec 7 14:10:56 PST 2007

--On Friday, December 07, 2007 22:41:01 +0100 Peter Boosten 
<peter at> wrote:

> On Fri, December 7, 2007 22:06, Paul Schmehl wrote:
>> I upgraded my system from 6.0 RELEASE to 6.2 RELEASE by cvsupping the
>> files and then running buildkernel/buildworld as usual.  Since doing
>> that, auditd will not run, even though I have auditd_enable="YES" in
>> /etc/rc.conf. I've
>> been reading online posts about auditd and auditing (as well as the man
>> pages) but I haven't found what the problem is.
>> If I run audit -s, I get this:
>> root at utd59514# audit -s Error sending trigger: Function not implemented
> Did you compile the audit option into the kernel?
> options            AUDIT
> Peter

Apparently not.  I compiled the GENERIC kernel, and it does not appear to 
have that option.  Strange.  You would think, if the system is going to 
install the daemon, it would have that option in the GENERIC kernel.  :-(

Paul Schmehl (pauls at
Senior Information Security Analyst
The University of Texas at Dallas

More information about the freebsd-questions mailing list