You are not logged in.

Pages: 1

#1 2014-03-08 08:36:35

theking2
Banned
From: Romanshorn Switzerland
Registered: 2009-03-04
Posts: 372

Odd message in dmesg

I get these message in dmesg. I'm just wondering what they are:

[Sat Mar  8 09:10:01 2014] type=1006 audit(1394266201.924:12): pid=4196 uid=0 old auid=4294967295 new auid=999 old ses=4294967295 new ses=11 res=1
[Sat Mar  8 09:15:01 2014] type=1006 audit(1394266501.882:13): pid=4555 uid=0 old auid=4294967295 new auid=999 old ses=4294967295 new ses=12 res=1
[Sat Mar  8 09:20:00 2014] type=1006 audit(1394266801.607:14): pid=4916 uid=0 old auid=4294967295 new auid=999 old ses=4294967295 new ses=13 res=1
[Sat Mar  8 09:25:00 2014] type=1006 audit(1394267101.495:15): pid=5275 uid=0 old auid=4294967295 new auid=999 old ses=4294967295 new ses=14 res=1
[Sat Mar  8 09:25:20 2014] perf samples too long (5015 > 4990), lowering kernel.perf_event_max_sample_rate to 25200
[Sat Mar  8 09:30:01 2014] type=1006 audit(1394267401.903:16): pid=5633 uid=0 old auid=4294967295 new auid=999 old ses=4294967295 new ses=15 res=1
[Sat Mar  8 09:31:50 2014] type=1006 audit(1394267511.438:17): pid=5989 uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=16 res=1
[Sat Mar  8 09:31:50 2014] type=1006 audit(1394267511.478:18): pid=5991 uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=17 res=1

Could this be munin?

Last edited by theking2 (2014-03-08 08:37:00)

archlinux on a Gigabyte C1037UN-EU, 16GiB
a Promise  PDC40718 based ZFS set
root on a Samsung SSD PB22-J
running LogitechMediaServer(-git), Samba, MiniDLNA, TOR

Offline

#2 2014-03-08 08:53:53

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: Odd message in dmesg

I have no idea what these mean, but it is the kernel's audit subsystem.  I get these messages on one of my machine.  Why, I have no idea...

You can turn off audit with 'audit=0' on the kernel command line.  Otherwise, there is an 'audit' package which may be able to quiet these messages.

Offline

#3 2014-03-08 09:39:37

theking2
Banned
From: Romanshorn Switzerland
Registered: 2009-03-04
Posts: 372

Re: Odd message in dmesg

Thanks WonderWoofy,

I don't mind an audit but a line every five minutes shurely gobbles up to much space on my SSD. And I don't want to switch off something I don't know what its doing.

archlinux on a Gigabyte C1037UN-EU, 16GiB
a Promise  PDC40718 based ZFS set
root on a Samsung SSD PB22-J
running LogitechMediaServer(-git), Samba, MiniDLNA, TOR

Offline

#4 2014-03-08 09:43:51

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,598
Website

Re: Odd message in dmesg

I get similar lines in my dmesg... have seen them for a while now.

theking2 wrote:

I don't mind an audit but a line every five minutes shurely gobbles up to much space on my SSD.

So set this and reboot:
/etc/systemd/journald.conf

[Journal]
Storage=volatile
#Compress=yes
#Seal=yes
#SplitMode=login
#SyncIntervalSec=5m
#RateLimitInterval=30s
#RateLimitBurst=1000
SystemMaxUse=20M
#SystemKeepFree=
...

Last edited by graysky (2014-03-08 09:45:57)

CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#5 2014-03-20 20:07:44

theking2
Banned
From: Romanshorn Switzerland
Registered: 2009-03-04
Posts: 372

Re: Odd message in dmesg

My SystemMaxUse=10M

and /var/log/journal now is 17M

1.9M    archive
68K     auth.log
36K     boot
24K     boot.1.gz
352K    btmp
64K     crond.log
8.0K    cups
52K     daemon.log
48K     dmesg.log
0       dnsmasq.log
8.0K    errors.log
40K     everything.log
12K     faillog
468K    httpd
17M     journal
40K     kernel.log
48K     lastlog
28K     logitechmediaserver
40K     messages.log
3.3M    munin
28K     ntp.log
4.0K    old
696K    pacman.log
4.0K    php
12K     pm-powersave.log
24K     pm-suspend.log
164K    remote
du: cannot read directory ‘samba/cores’: Permission denied
408K    samba
24K     syslog.log
14M     tor
24K     user.log
0       uucp.log
4.0K    vsftpd.log
16K     wtmp

Last edited by theking2 (2014-03-20 20:09:11)

archlinux on a Gigabyte C1037UN-EU, 16GiB
a Promise  PDC40718 based ZFS set
root on a Samsung SSD PB22-J
running LogitechMediaServer(-git), Samba, MiniDLNA, TOR

Offline

#6 2014-03-20 20:23:58

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Odd message in dmesg

It's better to post just the output of

du -sh /var/log/journal

What's the output of

grep -v "#" /etc/systemd/journald.conf

I think the journal can take up SystemMaxUse + SystemMaxFileSize.

Offline

#7 2015-01-03 13:03:44

theking2
Banned
From: Romanshorn Switzerland
Registered: 2009-03-04
Posts: 372

Re: Odd message in dmesg

journal

# du -sh /var/log/journal
17M     /var/log/journal

journald.conf

# grep -v "#" /etc/systemd/journald.conf

[Journal]
Storage=auto
SystemMaxUse=1M
RuntimeMaxUse=1M
SystemMaxFileSize=1M
MaxRetentionSec=100 day
MaxFileSec=1 week
ForwardToSyslog=yes

archlinux on a Gigabyte C1037UN-EU, 16GiB
a Promise  PDC40718 based ZFS set
root on a Samsung SSD PB22-J
running LogitechMediaServer(-git), Samba, MiniDLNA, TOR

Offline

#8 2015-01-03 23:17:36

ℜ ™
Member
Registered: 2014-12-28
Posts: 12

Re: Odd message in dmesg

http://security.blogoverflow.com/2013/0 … to-auditd/

Offline

#9 2015-02-11 18:04:55

theking2
Banned
From: Romanshorn Switzerland
Registered: 2009-03-04
Posts: 372

Re: Odd message in dmesg

ℜ ™ wrote:

Thanks for the link. Where would auditd be on an Arch FS?

archlinux on a Gigabyte C1037UN-EU, 16GiB
a Promise  PDC40718 based ZFS set
root on a Samsung SSD PB22-J
running LogitechMediaServer(-git), Samba, MiniDLNA, TOR

Offline

Pages: 1

Board footer

Powered by FluxBB