RE: wierd audit problems on one RHEL ES4 box

What are your free and admin space requirements in /etc/auditd.conf? David A. Kirkwood SAIC david.a.kirkwood(a)saic.com kirkwoodd(a)saic.com Phone: (727) 502-8310 Fax: (727) 822-7776 -----Original Message----- From: linux-audit-bounces(a)redhat.com [mailto:linux-audit-bounces@redhat.com] On Behalf Of Bill Tangren Sent: Friday, April 13, 2007 10:27 AM Cc: linux-audit(a)redhat.com Subject: Re: wierd audit problems on one RHEL ES4 box Steve Grubb wrote: auditd After reboot, there is now nothing in /var/run with audit, or even au in the name. The service is stopped, and I cannot start it. Starting just fails. I noticed that auditd stopped writing to /var/log/audit/audit.log a few hours before the log was rotated. Rotation failed. Auditing has since been putting its output in /var/log/messages, even though auditd is not running, though "ps aux" shows root 2242 0.0 0.0 0 0 ? S< Apr12 0:00 [kauditd] I think the problem is that auditd cannot write to the log, but I don't know why. The permissions on the log seems to be the same as on other systems I run. The directory permission was 700, where it is 750 on other systems, but changing it to 750 didn't help. Any other ideas? -- Linux-audit mailing list Linux-audit(a)redhat.com https://www.redhat.com/mailman/listinfo/linux-audit