5:06 p.m.
On Tue, 14 Mar 2006 17:37:48 EST, Steve Grubb said:
On Tuesday 14 March 2006 17:23, Valdis.Kletnieks(a)vt.edu wrote:
> Obviously looks like something is getting seriously stuck and replicating
> messages.
>
> Plus, it looks like there's some basic info missing on the
> 'type=SOCKETCALL', like the issuing process ID, etc....
Hmm. I wonder who's guilty. Its either kernel or userspace. One way to cut th
e
problem in half is to let messages go to syslog, but still load the
audit
rules. I'd alter the initscript to not start it.
Yee. Hah. Didn't take but a little time, and suddenly the disk lit up
again - this time it was syslogd scribbling, so it looks like a 2.6.15-rc5-mm3
issue:
Mar 14 18:02:09 turing-police kernel: [21744.040000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 16 times
Mar 14 18:02:10 turing-police kernel: [21744.044000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 91 times
Mar 14 18:02:10 turing-police kernel: [21744.048000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 107 times
Mar 14 18:02:10 turing-police kernel: [21744.052000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 94 times
Mar 14 18:02:10 turing-police kernel: [21744.056000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 108 times
Mar 14 18:02:10 turing-police kernel: [21744.060000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 87 times
Mar 14 18:02:10 turing-police kernel: [21744.060000] audit(0.000:267): nargs=2 a0=7 a1=4
Mar 14 18:02:10 turing-police kernel: [21744.060000] audit(0.000:267):
saddr=01002F746D702F616C73612D646D69782D393632352D313134323337373332322D363335303934
Mar 14 18:02:10 turing-police kernel: [21744.060000] audit(0.000:267): nargs=3 a0=7
a1=bfb79c90 a2=27
Mar 14 18:02:10 turing-police kernel: [21744.060000] audit(0.000:267): nargs=3 a0=1 a1=1
a2=0
Mar 14 18:02:10 turing-police kernel: [21744.064000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 108 times
Mar 14 18:02:10 turing-police kernel: [21744.068000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 97 times
Mar 14 18:02:10 turing-police kernel: [21744.072000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 64 times
Mar 14 18:02:10 turing-police kernel: [21744.072000] audit(0.000:267): nargs=3 a0=7
a1=bfb79cd4 a2=0
Mar 14 18:02:10 turing-police kernel: [21744.072000] audit(0.000:267): nargs=3 a0=7
a1=bfb79cd4 a2=0
Mar 14 18:02:10 turing-police kernel: [21744.072000] audit(0.000:267):
saddr=01002F746D702F616C73612D646D69782D393632352D313134323337373234352D323032303434
Mar 14 18:02:10 turing-police kernel: [21744.072000] audit(0.000:267): nargs=3 a0=7
a1=bfb79ca0 a2=27
Mar 14 18:02:10 turing-police kernel: [21744.072000] audit(0.000:267): nargs=3 a0=1 a1=1
a2=0
Mar 14 18:02:10 turing-police kernel: [21744.072000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 40 times
Mar 14 18:02:10 turing-police kernel: [21744.076000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 102 times
Mar 14 18:02:10 turing-police kernel: [21744.080000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 99 times
Mar 14 18:02:10 turing-police kernel: [21744.080000] audit(0.000:267): nargs=2 a0=7 a1=4
Mar 14 18:02:10 turing-police kernel: [21744.080000] audit(0.000:267):
saddr=01002F746D702F616C73612D646D69782D393632352D313134323337373234352D323032303434
Mar 14 18:02:10 turing-police kernel: [21744.080000] audit(0.000:267): nargs=3 a0=7
a1=bfb79c90 a2=27
Mar 14 18:02:10 turing-police kernel: [21744.080000] audit(0.000:267): nargs=3 a0=1 a1=1
a2=0
Mar 14 18:02:10 turing-police kernel: [21744.080000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 5 times
Mar 14 18:02:10 turing-police kernel: [21744.084000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 91 times
Mar 14 18:02:10 turing-police kernel: [21744.088000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 106 times
Mar 14 18:02:10 turing-police kernel: [21744.092000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 89 times
Mar 14 18:02:10 turing-police kernel: [21744.092000] audit(0.000:267): nargs=2 a0=7 a1=4
Mar 14 18:02:10 turing-police kernel: [21744.092000] audit(0.000:267):
saddr=01002F746D702F616C73612D646D69782D393632352D313134323337373233372D363635333438
Mar 14 18:02:10 turing-police kernel: [21744.092000] audit(0.000:267): nargs=3 a0=7
a1=bfb79c90 a2=27
Mar 14 18:02:10 turing-police kernel: [21744.092000] audit(0.000:267): nargs=3 a0=1 a1=1
a2=0
Mar 14 18:02:10 turing-police kernel: [21744.092000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
Mar 14 18:02:10 turing-police last message repeated 6 times
Mar 14 18:02:10 turing-police kernel: [21744.096000] audit(0.000:267): nargs=3 a0=4
a1=bfb7a4f8 a2=bfb7a4a0
That's the first second or so of the spew, which continued until 18:02:33.
Interesting that the event is *again* 267......