Managers,
I have searched the archive to no avail.
I am running C2 with auditing turned on. I have a host node that logs
all the auditing from 11 other nodes (plus its own).
There are 12 audit daemons running on the host node (as it should be).
So that the audit logs do not get overly large - I dump them daily to
tape.
I run on the host node:
auditd -x -- this compresses the auditlog for host
node and restarts a new auditlog.
auditd -x -p number -- where number is the audit daemon
id number relating to a remote node's auditd (number can be found from
auditd -w) - compresses the auditlog for the node and restarts a new
auditlog.
This last step is done for all 11 nodes. It generates 11 defunct
processes whose parent is the auditd process for that node.
Everyday it generates 11 defunct processes.
I can eliminate the defunct processes by running /sbin/init.d/audit
stop and then start - but auditd command should not work this way.
Any hints?
Thank you,
Louis
lamullikin_at_ccgate.hac.com
Received on Tue May 26 1998 - 18:07:04 NZST