Changeset 595


Timestamp:
10/26/11 17:54:53 (2 years ago)
Author:
sgrubb
Message:

In auditd, if disk_error_action is ignore, limit syslog messages to 5

Location:
branches/1.8
Files:
3 edited

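--- a/branches/1.8/ChangeLog
+++ b/branches/1.8/ChangeLog
@@ -23,4 +23,5 @@
 - Update the man pages a little
 - Add some debug info to audidp-remote startup and shutdown
+- In auditd, if disk_error_action is ignore, limit syslog messages to 5
 
 1.7.18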
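--- a/branches/1.8/docs/auditd.conf.5
+++ b/branches/1.8/docs/auditd.conf.5
@@ -205,5 +205,5 @@
 If set to
 .IR ignore ,
-the audit daemon will issue a syslog message but no other action is taken.
+the audit daemon will issue up to 5 syslog messages before suppressing them but no other action is taken.
 .I Syslog
 means that it will issue a warning to syslog.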
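--- a/branches/1.8/src/auditd-event.c
+++ b/branches/1.8/src/auditd-event.c
@@ -79,4 +79,5 @@
 static struct auditd_consumer_data consumer_data;
 static pthread_t event_thread;
+static unsigned int disk_err_warning = 0;
 static int fs_space_warning = 0;
 static int fs_admin_space_warning = 0;
@@ -255,4 +256,5 @@
         logging_suspended = 0;
         fs_space_left = 1;
+        disk_err_warning = 0;
         fs_space_warning = 0;
         fs_admin_space_warning = 0;
@@ -428,4 +430,5 @@
                         ack_type = AUDIT_RMW_TYPE_DISKLOW;
                 send_ack(data, ack_type, msg);
+                disk_err_warning = 0;
         }
 }
@@ -612,13 +615,21 @@
         char text[128];
 
-        snprintf(text, sizeof(text),
-            "%s: Audit daemon detected an error writing an event to disk (%s)",
-                func, strerror(err));
-        audit_msg(LOG_ALERT, "%s", text);
 
         switch (config->disk_error_action)
         {
                 case FA_IGNORE:
-                case FA_SYSLOG: /* Message is syslogged above */
+                        if (disk_err_warning < 5) {
+                                snprintf(text, sizeof(text),
+                            "%s: Audit daemon detected an error writing an event to disk (%s)",
+                                        func, strerror(err));
+                                audit_msg(LOG_ALERT, "%s", text);
+                                disk_err_warning++;
+                        }
+                        break;
+                case FA_SYSLOG:
+                        snprintf(text, sizeof(text),
+                            "%s: Audit daemon detected an error writing an event to disk (%s)",
+                                func, strerror(err));
+                        audit_msg(LOG_ALERT, "%s", text);
                         break;
                 case FA_EXEC:
@@ -1038,4 +1049,5 @@
         free((char *)oconf->disk_error_exe);
         oconf->disk_error_exe = nconf->disk_error_exe;
+        disk_err_warning = 0;
 
         // numlogs is next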
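Review bot: In the `FA_IGNORE` branch the fifth message is worded exactly like the first four, so nothing in syslog tells an operator that later disk write errors are being suppressed rather than having stopped; for a daemon that is failing to write audit events, that distinction matters. When the limit is reached, say so once, e.g. right after the increment: `if (disk_err_warning == 5) audit_msg(LOG_ALERT, "%s: suppressing further disk error messages", func);`. The literal 5 would also read better as a named constant that matches the man-page wording, and the snprintf/audit_msg pair is now duplicated across `FA_IGNORE` and `FA_SYSLOG`. The enclosing function starts and ends outside the hunk, and `disk_err_warning` is a plain `unsigned int` reset from three other places shown in this file section; if those run on different threads (not visible here), confirm the accesses are serialized.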