FAQ: Why is my Distributed Cloud AIP Agent experiencing odd behavior with auditd?

Issue Symptom: The F5 Distributed Cloud App Infrastructure Protection (AIP) Agent is not sourcing auditd log information.

Agent Behavior: The behavior of the Distributed Cloud AIP Agent varies and may include, but is not limited to, crashes and repeated quick cycles of availability/unavailability (flap).

Issue Root Cause: There is a known issue where the default auditd process only allows one connection for audit socket control. As a result, any non-Distributed Cloud AIP agents that use auditd conflict with the Distributed Cloud AIP Agent over access to audit socket control.

Issue Assistance: If you experience an issue similar to the one described above, please reach out to your CSM. Include details about your environment, such as your build script order and any non-Distributed Cloud AIP Agents on your system that could be leveraging a direct link to your host OS.

Was this article helpful?
0 out of 0 found this helpful