auditd hanging the system...
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Tue Mar 14 23:02:02 UTC 2006
On Tue, 14 Mar 2006 17:37:48 EST, Steve Grubb said:
> Hmm. I wonder who's guilty. Its either kernel or userspace. One way to cut the
> problem in half is to let messages go to syslog, but still load the audit
> rules. I'd alter the initscript to not start it.
I've managed to trigger it every few hours (3 times since I got to work today,
and several times yesterday), so I'll give that a try.
> I wonder if this has anything to do with the mutex conversion...or something
> entirely different. I also notice that you have some things out of order.
> events 267 & 272 get intertwined.
Yes, if it hadn't intertwined them, we'd just have gotten about 3,000 copies of
event 267, and then 3,000 or so of 272. But I suspect the intertwining and the
duplicating are both symptoms of the same root fault....
And the "time->Wed Dec 31 19:00:00 1969" parts are odd, too, considering that
the machine in question is NTP-synced and has a sane clock....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20060314/5e255453/attachment.sig>
More information about the Linux-audit
mailing list