Date: Tue, 5 Sep 2006 21:10:48 +0200 From: Joerg Pernfuss <elessar@bsdforen.de> To: audit@freebsd.org Subject: Re: audit MFC to RELENG_6, auditd doesn't start Message-ID: <20060905211048.709c30bd@loki.starkstrom.lan> In-Reply-To: <20060905174108.5ea3a758@loki.starkstrom.lan> References: <20060905174108.5ea3a758@loki.starkstrom.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
--DSPAM_MULTIPART_EX-69396 Content-Type: multipart/signed; boundary=Sig_KhngklIBZb.bPzPTnMvRBzK; protocol="application/pgp-signature"; micalg=PGP-SHA1 --Sig_KhngklIBZb.bPzPTnMvRBzK Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable A bit more information: from /var/log/security: Sep 5 20:57:28 loki auditd[1620]: starting... Sep 5 20:57:28 loki auditd[1620]: dir =3D /var/audit Sep 5 20:57:28 loki auditd[1620]: New audit file is /var/audit/20060905185= 728.not_terminated Sep 5 20:57:28 loki auditd[1620]: auditctl failed setting log file! : Inva= lid argument Sep 5 20:57:28 loki auditd[1620]: dir =3D /usr/audit Sep 5 20:57:28 loki auditd[1620]: New audit file is /usr/audit/20060905185= 728.not_terminated Sep 5 20:57:28 loki auditd[1620]: auditctl failed setting log file! : Inva= lid argument Sep 5 20:57:28 loki auditd[1620]: Log directories exhausted Sep 5 20:57:28 loki auditd[1620]: Could not swap audit file Sep 5 20:57:28 loki auditd[1620]: Error reading control file Sep 5 20:57:28 loki elessar: audit warning: getacdir /var/audit Sep 5 20:57:28 loki elessar: audit warning: getacdir /usr/audit Sep 5 20:57:28 loki elessar: audit warning: nostart The output from a ktrace of `auditd -d`: http://www.elessar.org/auditd.ktrace-fork.txt Full dmesg (not verbose though): http://www.elessar.org/dmesg.txt Kernel configuration: http://www.elessar.org/kernel_conf.txt And last but not least my /etc/security/audit_control as it is the only modified file: dir:/var/audit dir:/usr/audit flags:lo minfree:5 naflags:lo Regards, J=F6rg --=20 | /"\ ASCII ribbon | GnuPG Key ID | e86d b753 3deb e749 6c3a | | \ / campaign against | 0xbbcaad24 | 5706 1f7d 6cfd bbca ad24 | | X HTML in email | .the next sentence is true. | | / \ and news | .the previous sentence was a lie. | --Sig_KhngklIBZb.bPzPTnMvRBzK Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFE/cvAH31s/bvKrSQRAmM5AJ9iEbpzHnOVcB2GGQZD8J+9c6pP2wCfWBxl hu78NvhegOe2EaXTO+eYQj0= =2hBx -----END PGP SIGNATURE----- --Sig_KhngklIBZb.bPzPTnMvRBzK-- --DSPAM_MULTIPART_EX-69396 Content-Type: text/plain X-DSPAM-Signature: 44fdcbc3693961015038593 !DSPAM:44fdcbc3693961015038593! --DSPAM_MULTIPART_EX-69396--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060905211048.709c30bd>