Bug 315561
Summary: | Audit system drops messages which are too large | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Eric Paris <eparis> | ||||
Component: | audit | Assignee: | Steve Grubb <sgrubb> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | rawhide | ||||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-01-01 15:37:24 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Eric Paris
2007-10-02 16:22:01 UTC
recvfrom(3, "\275$\0\0\35\5\0\0\0\0\0\0\0\0\0\0audit(1191367234.497:17): a0=\"ls\"\na1=\"--color=tty\"\na2=\"dir1/file1\"\na3=\"dir1/file10\"\na4=\"dir1/file11\"\na5=\"dir1/file12\"\na6=\"dir1/file13\"\na7=\"dir1/file14\"\na8=\"dir1/file15\"\na9=\"dir1/file16\"\na10=\"dir1/file17\"\na11=\"dir1/file18\"\na12=\"dir1/file19\"\na13=\"dir1/file2\"\na14=\"dir1/file20\"\na15=\"dir1/file21\"\na16=\"dir1/file22\"\na17=\"dir1/file23\"\na18=\"dir1/file24\"\na19=\"dir1/file25\"\na20=\"dir1/file26\"\na21=\"dir1/file27\"\na22=\"dir1/file28\"\na23=\"dir1/file29\"\na24=\"dir1/file3\"\na25=\"dir1/file30\"\na26=\"dir1/file31\"\na27=\"dir1/file32\"\na28=\"dir1/file33\"\na29=\"dir1/file34\"\na30=\"dir1/file35\"\na31=\"dir1/file36\"\na32=\"dir1/file37\"\na33=\"dir1/file38\"\na34=\"dir1/file39\"\na35=\"dir1/file4\"\na36=\"dir1/file40\"\na37=\"dir1/file41\"\na38=\"dir1/file42\"\na39=\"dir1/file43\"\na40=\"dir1/file44\"\na41=\"dir1/file45\"\na42=\"dir1/file46\"\na43=\"dir1/file47\"\na44=\"dir1/file48\"\na45=\"dir1/file49\"\na46=\"dir1/file5\"\na47=\"dir1/file50\"\na48=\"dir1/file6\"\na49=\"dir1/file7\"\na50=\"dir1/file8\"\na51=\"dir1/file9\"\na52=\"dir2/file1\"\na53=\"dir2/file10\"\na54=\"dir2/file11\"\na55=\"dir2/file12\"\na56"..., 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 8988 Created attachment 213671 [details]
strace of auditd when I exec'd ls with a huge arg list
Since 1.6.4, the audit daemon now logs that a message was too large. This is about all that can be done given the design. |