Issue Symptom: The Threat Stack Agent is not sourcing auditd log information.
Agent Behavior: The behavior of the Threat Stack Agent varies and may include, but is not limited to, crashes and repeated quick cycles of availability/unavailability (flap).
Issue Root Cause: There is a known issue where the default auditd process only allows one connection for audit socket control. As a result, any non-Threat Stack agents that use auditd conflict with the Threat Stack Agent over access to audit socket control.
Issue Assistance: If you experience an issue similar to the one described above, please reach out to your CSM. Include details about your environment, such as your build script order and any non-Threat Stack Agents on your system that could be leveraging a direct link to your host OS.