Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

/var/log/audit.d? Use?

Discussion in 'General Discussion' started by nurseryboy, Apr 12, 2005.

  1. nurseryboy

    nurseryboy Well-Known Member

    Joined:
    Mar 3, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    156
    Hello,

    I was just wondering what the audit.d directory in /var/log is for? It is currently taking up 3.5 gigs of /var, so I'd really like to know if I can remove it or not.

    Thanks.

    Matt
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    It's used by the laus application which most people never use. It also causes problems on some servers. I'd recommend removing laus and clearing down the directory:

    rpm -e laus
    rm -Rf /var/spool/audit.d/
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. nurseryboy

    nurseryboy Well-Known Member

    Joined:
    Mar 3, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    156
    Ok, great. Just removed it :)

    Thank you very much.

    Matt
     
  4. Dacsoft

    Dacsoft Well-Known Member

    Joined:
    Aug 30, 2003
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    Melbourne, Florida
    Chirpy,
    What is the laus application? I have this problem on my one CentOs server. I don't mind removing it, but would like to know what I am removing.

    Never mind. A search found me many threads where you already covered this. Thank you
     
    #4 Dacsoft, Jul 22, 2005
    Last edited: Jul 22, 2005
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    166
    Not that I want to sound picky, but just to check - do you mean:

    /var/log/audit.d/

    instead of:

    /var/spool/audit.d/
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Yes, you're quite correct, it should be /var/log/audit.d/
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Def

    Def Well-Known Member

    Joined:
    Feb 21, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    156
    Thanks for this Chirpy.
     
  9. Kerstin

    Kerstin Well-Known Member

    Joined:
    Apr 9, 2005
    Messages:
    136
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Berlin
    Laus parameter ;) are unkown for me.

    I think so, the correct path is
    /var/spool/audit.d/
    and only intersted for you when the auditing system in use.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. kris1351

    kris1351 Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    963
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Lewisville, Tx
    Hey Chirpy-

    I have one annoying server that has a Cron job somehow still running for Laus even after removal. Nothing in the /var/spool/cron or the /etc/cron* setups for laus, crond restarted, server rebooted and still I get tons of messages in the logwatch that the crond can't find the laus executions. I know it is probably sleep deprivation, but been chasing this one for a week. Any other places that cron job could hide?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    You need to:

    echo alias "char-major-10-224 off" >> /etc/modules.conf
    service crond stop
    rmmod audit
    service crond start
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice