You are not logged in.
Pages: 1
I get these message in dmesg. I'm just wondering what they are:
[Sat Mar 8 09:10:01 2014] type=1006 audit(1394266201.924:12): pid=4196 uid=0 old auid=4294967295 new auid=999 old ses=4294967295 new ses=11 res=1
[Sat Mar 8 09:15:01 2014] type=1006 audit(1394266501.882:13): pid=4555 uid=0 old auid=4294967295 new auid=999 old ses=4294967295 new ses=12 res=1
[Sat Mar 8 09:20:00 2014] type=1006 audit(1394266801.607:14): pid=4916 uid=0 old auid=4294967295 new auid=999 old ses=4294967295 new ses=13 res=1
[Sat Mar 8 09:25:00 2014] type=1006 audit(1394267101.495:15): pid=5275 uid=0 old auid=4294967295 new auid=999 old ses=4294967295 new ses=14 res=1
[Sat Mar 8 09:25:20 2014] perf samples too long (5015 > 4990), lowering kernel.perf_event_max_sample_rate to 25200
[Sat Mar 8 09:30:01 2014] type=1006 audit(1394267401.903:16): pid=5633 uid=0 old auid=4294967295 new auid=999 old ses=4294967295 new ses=15 res=1
[Sat Mar 8 09:31:50 2014] type=1006 audit(1394267511.438:17): pid=5989 uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=16 res=1
[Sat Mar 8 09:31:50 2014] type=1006 audit(1394267511.478:18): pid=5991 uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=17 res=1
Could this be munin?
Last edited by theking2 (2014-03-08 08:37:00)
archlinux on a Gigabyte C1037UN-EU, 16GiB
a Promise PDC40718 based ZFS set
root on a Samsung SSD PB22-J
running LogitechMediaServer(-git), Samba, MiniDLNA, TOR
Offline
I have no idea what these mean, but it is the kernel's audit subsystem. I get these messages on one of my machine. Why, I have no idea...
You can turn off audit with 'audit=0' on the kernel command line. Otherwise, there is an 'audit' package which may be able to quiet these messages.
Offline
Thanks WonderWoofy,
I don't mind an audit but a line every five minutes shurely gobbles up to much space on my SSD. And I don't want to switch off something I don't know what its doing.
archlinux on a Gigabyte C1037UN-EU, 16GiB
a Promise PDC40718 based ZFS set
root on a Samsung SSD PB22-J
running LogitechMediaServer(-git), Samba, MiniDLNA, TOR
Offline
I get similar lines in my dmesg... have seen them for a while now.
I don't mind an audit but a line every five minutes shurely gobbles up to much space on my SSD.
So set this and reboot:
/etc/systemd/journald.conf
[Journal]
Storage=volatile
#Compress=yes
#Seal=yes
#SplitMode=login
#SyncIntervalSec=5m
#RateLimitInterval=30s
#RateLimitBurst=1000
SystemMaxUse=20M
#SystemKeepFree=
...
Last edited by graysky (2014-03-08 09:45:57)
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
My SystemMaxUse=10M
and /var/log/journal now is 17M
1.9M archive
68K auth.log
36K boot
24K boot.1.gz
352K btmp
64K crond.log
8.0K cups
52K daemon.log
48K dmesg.log
0 dnsmasq.log
8.0K errors.log
40K everything.log
12K faillog
468K httpd
17M journal
40K kernel.log
48K lastlog
28K logitechmediaserver
40K messages.log
3.3M munin
28K ntp.log
4.0K old
696K pacman.log
4.0K php
12K pm-powersave.log
24K pm-suspend.log
164K remote
du: cannot read directory ‘samba/cores’: Permission denied
408K samba
24K syslog.log
14M tor
24K user.log
0 uucp.log
4.0K vsftpd.log
16K wtmp
Last edited by theking2 (2014-03-20 20:09:11)
archlinux on a Gigabyte C1037UN-EU, 16GiB
a Promise PDC40718 based ZFS set
root on a Samsung SSD PB22-J
running LogitechMediaServer(-git), Samba, MiniDLNA, TOR
Offline
It's better to post just the output of
du -sh /var/log/journal
What's the output of
grep -v "#" /etc/systemd/journald.conf
I think the journal can take up SystemMaxUse + SystemMaxFileSize.
Offline
journal
# du -sh /var/log/journal
17M /var/log/journal
journald.conf
# grep -v "#" /etc/systemd/journald.conf
[Journal]
Storage=auto
SystemMaxUse=1M
RuntimeMaxUse=1M
SystemMaxFileSize=1M
MaxRetentionSec=100 day
MaxFileSec=1 week
ForwardToSyslog=yes
archlinux on a Gigabyte C1037UN-EU, 16GiB
a Promise PDC40718 based ZFS set
root on a Samsung SSD PB22-J
running LogitechMediaServer(-git), Samba, MiniDLNA, TOR
Offline
Offline
Thanks for the link. Where would auditd be on an Arch FS?
archlinux on a Gigabyte C1037UN-EU, 16GiB
a Promise PDC40718 based ZFS set
root on a Samsung SSD PB22-J
running LogitechMediaServer(-git), Samba, MiniDLNA, TOR
Offline
Pages: 1