auditd hanging the system...
Steve Grubb
sgrubb at redhat.com
Tue Mar 14 22:37:48 UTC 2006
On Tuesday 14 March 2006 17:23, Valdis.Kletnieks at vt.edu wrote:
> Obviously looks like something is getting seriously stuck and replicating
> messages.
>
> Plus, it looks like there's some basic info missing on the
> 'type=SOCKETCALL', like the issuing process ID, etc....
Hmm. I wonder who's guilty. Its either kernel or userspace. One way to cut the
problem in half is to let messages go to syslog, but still load the audit
rules. I'd alter the initscript to not start it.
I wonder if this has anything to do with the mutex conversion...or something
entirely different. I also notice that you have some things out of order.
events 267 & 272 get intertwined.
-Steve
More information about the Linux-audit
mailing list