FAQ: Why is my Threat Stack Agent experiencing odd behavior with auditd?

Follow

 

Issue Symptom: The Threat Stack Agent is not sourcing auditd log information.

Agent Behavior: The behavior of the Threat Stack Agent varies and may include, but is not limited to, crashes and repeated quick cycles of availability/unavailability (flap).

Issue Root Cause: There is a known issue where the default auditd process only allows one connection for audit socket control. As a result, any non-Threat Stack agents that use auditd conflict with the Threat Stack Agent over access to audit socket control.

Issue Assistance: If you experience an issue similar to the one described above, please reach out to your CSM. Include details about your environment, such as your build script order and any non-Threat Stack Agents on your system that could be leveraging a direct link to your host OS.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.