Re: wierd audit problems on one RHEL ES4 box

Steve Grubb wrote: After reboot, there is now nothing in /var/run with audit, or even au in the name. The service is stopped, and I cannot start it. Starting just fails. I noticed that auditd stopped writing to /var/log/audit/audit.log a few hours before the log was rotated. Rotation failed. Auditing has since been putting its output in /var/log/messages, even though auditd is not running, though "ps aux" shows root 2242 0.0 0.0 0 0 ? S< Apr12 0:00 [kauditd] I think the problem is that auditd cannot write to the log, but I don't know why. The permissions on the log seems to be the same as on other systems I run. The directory permission was 700, where it is 750 on other systems, but changing it to 750 didn't help. Any other ideas?