Audit slowing system.
David Flatley
dflatley at us.ibm.com
Thu May 5 13:00:13 UTC 2011
Yes I have had to adjust the rules file for RHEL 4. I have this
running on several RHEL 4 systems with no problems but this system is a
server
running a database. I upped the priority from 3 to 4 and increased the
buffer from 8 to 12 megs. I will recheck for the -F.
Thanks.
D Flatley
From:
Steve Grubb <sgrubb at redhat.com>
To:
linux-audit at redhat.com
Cc:
David Flatley/Burlington/IBM at IBMUS
Date:
05/05/2011 08:48 AM
Subject:
Re: Audit slowing system.
On Wednesday, May 04, 2011 03:41:09 PM David Flatley wrote:
> RHEL 4.7 system running Steve Grubb's STIG compliant audit.rules
file.
> System seems to be struggling to run audit. I run this
> config on several systems with no problems. Top does not show anything
> that indicates a problem, no directories filling. Any
> suggestions on settings to change? It is a 64 bit system with the 32 bit
> rules commented out in the rules file.
Are you getting lots of audit events logged? If so, that might point
towards a rule
that might need adjusting. Also, stig rules were never shipped (or tested)
on RHEL4.
So, I don't know which ones you are using. If the rules do not explicitly
add the -F
arch=b64 on the 64 bit rules, that would cause problems.
-Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110505/b4d1221b/attachment.htm>
More information about the Linux-audit
mailing list