auditd log files

Brian Ross Brian.Ross at asggroup.com.au
Wed Mar 9 05:46:26 UTC 2011


I would like to know how I can read the auditd log files stored in /var/log/audit.d.

I have a problem where the auditd system seems to go haywire, fills the /var filesystem up to its maximum allowed 80% and then starts to try and delete the old log files, but the /var filesystem keeps filling up, at which point it ceases execution, and then I have SysEdge reporting a massive CPU load and the whole server locks up.

I believe the auditd system's behavior is symptomatic, rather than the cause of the problem. I note that the auditd log files are in some binary format. Is there a means to read them?


cheers

Brian Ross
Technical Consultant

ASG Group Limited
Level 1 / 267 St Georges Tce.
Perth, WA, 6000
Telephone            +61 8 9420 5451
Mobile                   +61 0434 181 701
Facsimile              +61 8 9420 5422
Brian.Ross at asggroup.com.au
http://www.asggroup.com.au/
