<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>I would like
to know how I can read the auditd log files stored in /var/log/audit.d.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>I have a
problem where the auditd system seems to go haywire, fills the /var filesystem
up to its maximum allowed 80% and then starts to try and delete the old log
files but the /var filesystem keeps filling up, at which point it ceases
execution and then I have SysEdge reporting a massive CPU load and the whole
server locks up.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>I believe the
auditd system’s behavior is symptomatic, rather than the cause of the
problem. I note that the auditd log files are in some binary
format. Is there a means to read them?<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>


<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>cheers<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>

<p class=MsoNormal><b><span lang=EN-AU style='font-size:9.0pt;font-family:"Arial","sans-serif";
color:#19A9C2'>Brian Ross<br>
</span></b><span lang=EN-AU style='font-size:9.0pt;font-family:"Arial","sans-serif";
color:#323232'>Technical Consultant<br>
</span><span lang=EN-AU style='color:#1F497D'><br>
</span><b><span lang=EN-AU style='font-size:9.0pt;font-family:"Arial","sans-serif";
color:#323232'>ASG Group Limited<br>
</span></b><span lang=EN-AU style='font-size:9.0pt;font-family:"Arial","sans-serif";
color:#323232'>Level 1 / 267 St Georges Tce.<br>
Perth, WA, 6000<br>
</span><span lang=EN-AU style='font-size:9.0pt;font-family:"Arial","sans-serif";
color:#939BA0'>Telephone           
+61 8 9420 5451</span><span lang=EN-AU style='font-size:12.0pt;font-family:
"Times New Roman","serif";color:#1F497D'><o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-AU style='font-size:9.0pt;font-family:"Arial","sans-serif";
color:#939BA0'>Mobile                   +61
0434 181 701</span><span lang=EN-AU style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'><o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-AU style='font-size:9.0pt;font-family:"Arial","sans-serif";
color:#939BA0'>Facsimile             
+61 8 9420 5422</span><span lang=EN-AU style='font-size:10.0pt;font-family:
"Arial","sans-serif";color:#1F497D'><o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-AU style='font-size:9.0pt;font-family:"Arial","sans-serif";
color:#939BA0'><a href="mailto:DooWhan.Kweon@asggroup.com.au"><span
style='color:blue'>Brian.Ross@asggroup.com.au</span></a><o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-AU style='font-size:9.0pt;font-family:"Arial","sans-serif";
color:#939BA0'><a href="http://www.asggroup.com.au/"><span style='color:blue'>http://www.asggroup.com.au/</span></a><o:p></o:p></span></p>


</div>

</body>

</html>