Description of problem:
audisp will not reconnect to remote server after a transient "critical" network error.
Steve Grubb is aware of this issue, and has a fix.
There is an upstream fix for this. Simple fix to back port just that patch.
The main patches that fixes this is 867 & 871.
However, that also depended on 865, 864, 863, and 860 because the management of plugins was not working correctly. Meaning that if you changed a setting in audisp-remote.conf, you could not do, "service auditd reload" and have sighup propogate to the remote plugin.
Could you please share the details about this bug and its reproducer? It is not clear from the description - what is meant by a 'transient "critical" network error.'?
audit-2.2-3.el6 was built with just patch 867 & 871 applied.
Thanks for the investigation. I can see that I need to modify the patch a bit. I will provide an updated build.
Fixed in upstream commit 895.
audit-2.2-4.el6 was built to resolve this problem. It adds upstream commit 895 to the patch.
When updating to the new version, please make sure that the
configuration file is updated too. The default value of "remote_ending_action" has changed from:
remote_ending_action = suspend
remote_ending_action = reconnect
This change is an important part if the fix.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.