The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

/var/log/audit.d? Use?

Discussion in 'General Discussion' started by nurseryboy, Apr 12, 2005.

  1. nurseryboy

    nurseryboy Well-Known Member

    Joined:
    Mar 3, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    I was just wondering what the audit.d directory in /var/log is for? It is currently taking up 3.5 gigs of /var, so I'd really like to know if I can remove it or not.

    Thanks.

    Matt
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It's used by the laus application which most people never use. It also causes problems on some servers. I'd recommend removing laus and clearing down the directory:

    rpm -e laus
    rm -Rf /var/spool/audit.d/
     
  3. nurseryboy

    nurseryboy Well-Known Member

    Joined:
    Mar 3, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Ok, great. Just removed it :)

    Thank you very much.

    Matt
     
  4. Dacsoft

    Dacsoft Well-Known Member

    Joined:
    Aug 30, 2003
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Melbourne, Florida
    Chirpy,
    What is the laus application? I have this problem on my one CentOs server. I don't mind removing it, but would like to know what I am removing.

    Never mind. A search found me many threads where you already covered this. Thank you
     
    #4 Dacsoft, Jul 22, 2005
    Last edited: Jul 22, 2005
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  6. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    Not that I want to sound picky, but just to check - do you mean:

    /var/log/audit.d/

    instead of:

    /var/spool/audit.d/
     
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yes, you're quite correct, it should be /var/log/audit.d/
     
  8. Def

    Def Well-Known Member

    Joined:
    Feb 21, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for this Chirpy.
     
  9. Kerstin

    Kerstin Well-Known Member

    Joined:
    Apr 9, 2005
    Messages:
    136
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Berlin
    Laus parameter ;) are unkown for me.

    I think so, the correct path is
    /var/spool/audit.d/
    and only intersted for you when the auditing system in use.
     
  10. kris1351

    kris1351 Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    963
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lewisville, Tx
    Hey Chirpy-

    I have one annoying server that has a Cron job somehow still running for Laus even after removal. Nothing in the /var/spool/cron or the /etc/cron* setups for laus, crond restarted, server rebooted and still I get tons of messages in the logwatch that the crond can't find the laus executions. I know it is probably sleep deprivation, but been chasing this one for a week. Any other places that cron job could hide?
     
  11. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You need to:

    echo alias "char-major-10-224 off" >> /etc/modules.conf
    service crond stop
    rmmod audit
    service crond start
     
Loading...

Share This Page