https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240762
Bug ID: 240762
Summary: [auditdistd] cannot receive trail files from servers
running auditd on FreeBSD12
Product: Base System
Version: 12.0-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]
After upgrading a server running auditd to FreeBSD12 (from FreeBSD 11.2) we
noticed that trail files now have a dot (.) appended to the filename, which our
auditdistd receiver thinks is an invalid trail name.
Logs from our receiver:
(receiver) Sender wants to open file "20190920080142.20190920080929.", which
has invalid name.
(receiver) Request failed: (seq=3) OPEN(20190920080142.20190920080929.):
invalid trail file name.
(receiver) Sender requested append without first opening file.
(receiver) Request failed: (seq=4) APPEND(2646): wrong operations order.
(receiver) Sender requested closing file without first opening it.
(receiver) Request failed: (seq=5) CLOSE(20190920080142.20190920080929.): wrong
operations order.
(receiver) Unable to receive request header: Socket is not connected.
Logs from our sender:
(sender) Termination signal received, exiting.
(sender) Receiver returned error (invalid trail file name), disconnecting.
(sender) Disconnected from 172.22.239.16.
I've tested upgrading the receiver to FreeBSD 12 as well but that doesn't seem
to fix the issue.
I also found this thread reporting the same issue:
https://forums.freebsd.org/threads/auditd-on-freebsd-12-0-release-problem.69686/
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
