audit collection
LC Bruzenak
lenny at magitekltd.com
Mon Sep 15 17:35:40 UTC 2008
On Mon, 2008-09-15 at 13:24 -0400, DJ Delorie wrote:
> > Sep 15 11:48:14 comms audispd: queue is full - dropping event
> >
> > I assume this indicates the problem - sending isn't happening so the
> > audispd queue fills.
>
> Yes, this means nothing is getting across the network. Have you tried
> running tcpdump on the client side? Or running gdb on the running
> audisp-remote to see where it's stuck.
(gdb) where
#0 0x0000000000892590 in __read_nocancel () from /lib64/libc.so.6
#1 0x00007f25874db914 in main (argc=<value optimized out>, argv=<value optimized out>)
    at /usr/include/bits/unistd.h:45
I suppose I'd need to run the debug code to get a better analysis.
LCB.
--
LC (Lenny) Bruzenak
lenny at magitekltd.com