Bug 125726
Summary: | System freezes during append mode audit with 2.1GB audit log | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | Peggy Proffitt <peggy.proffitt> | ||||
Component: | laus | Assignee: | Jason Vas Dias <jvdias> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Jay Turner <jturner> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 3.0 | CC: | srevivo, tao | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | i686 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | laus-0.1-70RHEL3 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2005-06-02 01:02:08 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Peggy Proffitt
2004-06-10 17:05:50 UTC
Created attachment 101041 [details]
Tar of audit configuration files
Very sorry for the delay in getting back to you about this bug - I've recently taken over the LAuS package and this bug had been overlooked . The size limitation could have been a filesystem size limitation, which is no longer the case with later RHEL-3 kernels . I'd suggest not using append mode, but using a normal set of binary audit logs, such as: output { mode = bin; num-files = 4; file-size = 20M; file-name = "/var/log/audit.d/bin"; notify = "/etc/audit/process_log.sh"; ... } You could create your /etc/audit/process_log.sh as a script which performs the analysis / archival functions on the single binary audit log given as its first argument "$1", and then invokes '/usr/sbin/audbin -C -S /var/log/audit.d/save.%u $1' to clear it out. There is also new audbin -T threshold and -N notify parameters to handle the case when there is not enough space to hold the saved audit log - see man audbin(1) . Please try the latest laus-0.1-70RHEL3 in RHEL-3-U5 and available for download from: http://people.redhat.com/~jvdias/laus/ I don't think this problem will reoccur with that version and the latest RHEL-3 kernel. |