Has anyone else seen memory Problems with audisp-remote?
Steve Grubb
sgrubb at redhat.com
Thu Nov 4 21:28:31 UTC 2010
On Wednesday, October 27, 2010 10:23:55 pm Jim Richard wrote:
> * Does anyone have any other ideas on what I might do to get to the
> bottom of this?
There is indeed a leak in the remote logging and bz 649952 was opened for it.
> I also have a separate issue, that I'm curious about. Under RedHat EL 5.5
> there doesn't seem to be any limitations on the support for audisp-remote,
> but I just noticed in the release notes for RedHat EL 6 Beta, this
> component is flagged as a Technology Preview in EL 6. Does anyone know the
> reason for the change in status?
It is Technology Preview. Its not quite ready for prime time as it does not yet have a
store and forward model so that events do not get lost. The transport is not encrypted
because we do not enable the gssapi support. This is because the kerberos libraries
are in /usr and audit is in /sbin. So, if you have a NFS based /usr, auditd is broken.
It should have never left "Tech Preview" status.
> Beyond this query I also plan to open a support incident with RedHat, but I
> thought that by using feedback from this group I might be in a better
> position to provide support with useful information to aid in problem
> diagnosis.
If you do, you can reference the above bugzilla number.
-Steve
More information about the Linux-audit
mailing list