Re: unlimit retries for remote plugin restart

On Thursday, April 12, 2018 2:13:39 AM EDT Levin Stanislav wrote: > Let's assume we have client's audit service and audit gatherer placed on > a remote host. > > Using au-remote plugin client sends logs to remote. > > Let's stop (do not start then) remote's audit service and restart > client's one. > > After that overcome max_restarts limit (e.g. default 10) from > /etc/audisp/audispd.conf by audit's events. > > Then start remote's audit service and trigger any audit event on client. > But audisp-remote process is dead ("plugin /sbin/audisp-remote has > exceeded max_restarts"). > > How can i solve this issue without client's audit service > restart? Is it possible by any settings/configs? Please give audit-2.8.4 a shot. It should solve this problem. -Steve