Error Setting Audit Daemon Pid Connection Refused
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top Unable to start auditd up vote 3 down vote favorite I am on CentOS 5.8 final I recently installed auditd via yum install audit however I am unable to start it. I edited the configuration file to give a verbose output of the error it is recieving in starting up and this is the output: # service auditd start Starting auditd: Config file /etc/audit/auditd.conf opened for parsing log_file_parser called with: /var/log/audit/audit.log log_format_parser called with: RAW log_group_parser called with: root priority_boost_parser called with: 4 flush_parser called with: INCREMENTAL freq_parser called with: 20 num_logs_parser called with: 4 qos_parser called with: lossy dispatch_parser called with: /sbin/audispd name_format_parser called with: NONE max_log_size_parser called with: 5 max_log_size_action_parser called with: ROTATE space_left_parser called with: 75 space_action_parser called with: SYSLOG action_mail_acct_parser called with: root admin_space_left_parser called with: 50 admin_space_left_action_parser called with: SUSPEND disk_full_action_parser called with: SUSPEND disk_error_action_parser called with: SUSPEND tcp_listen_queue_parser called with: 5 tcp_max_per_addr_parser called with: 1 tcp_client_max_idle_parser called with: 0 enable_krb5_parser called with: no GSSAPI support is not enabled, ignoring value at line 30 krb5_principal_parser called with: auditd GSSAPI support is not enabled, ignoring value at line 31 Started dispatcher: /sbin/audispd pid: 3097 type=DAEMON_START msg=audit(1339336882.187:9205): auditd start, ver=1.8 format=raw kernel=2.6.32-042stab056.8 auid=4294967295 pid=3095 res=success config_manager init complete Error setting audit daemon pid (Connection refused) type=D
fails to start : Connection refused Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] Greetings: i have an x86_64 Centos5.3 box and i'm trying to run auditd. it fails on startup and this is the O/P at the end: config_manager init complete Error setting audit daemon pid (Connection refused) type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, auid=4294967295 pid=32702 http://serverfault.com/questions/397344/unable-to-start-auditd res=failed Unable to set audit pid, exiting The audit daemon is exiting. Error setting audit daemon pid (Connection refused) the only thing i've learned from asking google is that it's a potential problem with the interaction between selinux & auditd, but i haven't found a solution. two questions: 1. https://lists.centos.org/pipermail/centos/2009-December/087135.html anyone know what the problem is? (that or my next step in diagnosing it) 2. if i can't solve it, is there an alternative method for adding watchpoints to directories such that i can be notified of WRITE events for files in that directory (and preferably for all of it's subdirectories)? My kernel version is 2.6.18 (full info below). The audit version is audit.x86_64 0:1.7.13-2.el5 thanks --tom Name : kernel Arch : x86_64 Version : 2.6.18 Release : 164.6.1.el5 Size : 18 M Repo : updates Summary : The Linux kernel (the core of the Linux operating system) URL : http://www.kernel.org/ Previous message: [CentOS] Problem mounting CIFS shares with credential file afterSAMBA update Next message: [CentOS] Auditd fails to start : Connection refused Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] More information about the CentOS mailing list
оторвать kdelibs (KDE3) от KDE4? Сообщения, упорядоченные по: [ дате ] [ дискуссии ] [ теме ] [ автору ] Anton Protopopov пишет: > В https://lists.altlinux.org/pipermail/devel/2009-February/166384.html бранч 4.0 отправлено новое OpenVZ-ядро > kernel-image-ovz-rhel-2.6.18-alt2.M40.1. > Это ядро основано на OpenVZ-шном ядре 028stab060.2, которое, в свою > очередь, > основано на RHEL-ном ядре 2.6.18-92.1.18.el2, и, таким образом, должно > обладать > всеми фичами (и почти всеми багами) последних. Это точно, что почти всеми багами. error setting auditd не стартует. # auditd -f Config file /etc/audit/auditd.conf opened for parsing log_file_parser called with: /var/log/audit/audit.log log_format_parser called with: RAW log_group_parser called with: root priority_boost_parser called with: 3 flush_parser called with: INCREMENTAL freq_parser called with: 20 num_logs_parser called with: 4 qos_parser called with: lossy dispatch_parser called error setting audit with: /sbin/audispd max_log_size_parser called with: 5 max_log_size_action_parser called with: ROTATE space_left_parser called with: 75 space_action_parser called with: SYSLOG action_mail_acct_parser called with: root admin_space_left_parser called with: 50 admin_space_left_action_parser called with: SUSPEND disk_full_action_parser called with: SUSPEND disk_error_action_parser called with: SUSPEND Started dispatcher: /sbin/audispd pid: 10657 type=DAEMON_START msg=audit(1234450585.963:5639): auditd start, ver=1.7 format=raw kernel=2.6.18-ovz-rhel-alt2.M40.2 auid=4294967295 pid=10653 res=success config_manager init complete Error setting audit daemon pid (Connection refused) Unable to set audit pid, exiting type=DAEMON_ABORT msg=audit(1234450585.963:5640): auditd error halt, auid=4294967295 pid=10653 res=failed The audit daemon is exiting. Error setting audit daemon pid (Connection refused) -- WBR, Dubrovskiy Vyacheslav ----------- следующая часть ----------- Было удалено вложение не в текстовом формате... Имя : smime.p7s Тип : application/x-pkcs7-signature Размер : 3262 байтов Описание: S/MIME Cryptographic Signature Url :