Page 1 of 3 123 LastLast
Results 1 to 10 of 26
  1. #1
    Debiant Myth's Avatar
    Join Date
    Feb 2005
    Location
    DFT
    Posts
    5,409

    Default More Linux questions...

    IN the last few days, I have noticed a change in the shutdown of my FC4. As it scrolls down shutting off services; it now has a heap of text underneath auditd .. including the words NO DAEMON.
    I have had a look in services, and it shows auditd is running. The thing is I haven't changed anything. Just prior I had completed a large download (700MB). Part way through that download (through Azureus) the download froze, so I had to log off and logon again. Restarted the download and it went perfectly.
    Nothing else has been done. The text (theres about 5+ lines of it) doesn't hang the machine or affected shutdown... Im just wondering how to fix it.

    There was another question but it seems to have slipped my mind for the time... will post when I remember
    (morganj): 0 is false and 1 is true, correct?
    (alec_eso): 1, morganj

  2. #2
    Senior Member
    Join Date
    Jan 2005
    Posts
    1,366

    Default Re: More Linux questions...

    Are you able to post the message? Have a look in /var/log/messages or the FC equivalent.

  3. #3
    Debiant Myth's Avatar
    Join Date
    Feb 2005
    Location
    DFT
    Posts
    5,409

    Default Re: More Linux questions...

    Hmmm .. bit more than 5 lines ..

    Jul 17 10:55:01 tazzcomp auditd[1831]: The audit daemon is exiting.
    Jul 17 10:55:01 tazzcomp kernel: audit: *NO* daemon at audit_pid=1831
    Jul 17 10:55:01 tazzcomp kernel: audit(1121554501.130:16710398): arch=40000003 syscall=102 success=no exit=-22 a0=b a1=bff58e80 a2=80510f8 a3=0 items=0 pid=6698 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl" exe="/sbin/auditctl"
    Jul 17 10:55:01 tazzcomp kernel: audit(1121554501.130:16710398): saddr=100000000000000000000000
    Jul 17 10:55:01 tazzcomp kernel: audit(1121554501.130:16710398): nargs=6 a0=3 a1=bff5afdc a2=10 a3=0 a4=bff5d178 a5=c
    Jul 17 10:55:01 tazzcomp kernel: audit(1121554501.231:16711040): SELinux: unrecognized netlink message type=1009 for sclass=49
    Jul 17 10:55:01 tazzcomp kernel:
    Jul 17 10:55:01 tazzcomp kernel: audit(1121554501.231:16711040): arch=40000003 syscall=102 success=no exit=-22 a0=b a1=bff58e60 a2=80510f8 a3=0 items=0 pid=6698 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl" exe="/sbin/auditctl"
    Jul 17 10:55:01 tazzcomp kernel: audit(1121554501.231:16711040): saddr=100000000000000000000000
    Jul 17 10:55:01 tazzcomp kernel: audit(1121554501.231:16711040): nargs=6 a0=3 a1=bff5afbc a2=10 a3=0 a4=bff5d158 a5=c

    Oh and thx, now I know where shutdown messages are recorded
    (morganj): 0 is false and 1 is true, correct?
    (alec_eso): 1, morganj

  4. #4
    Senior Member
    Join Date
    Jan 2005
    Posts
    1,366

    Default Re: More Linux questions...

    Quote Originally Posted by Tazz
    Hmmm .. bit more than 5 lines ..
    Sorry, I am not familiar with linux kernel error messages.

  5. #5
    Pedant and proud of it
    Join Date
    Dec 2004
    Location
    Christchurch
    Posts
    6,047

    Default Re: More Linux questions...

    It's usually a Bad Idea to cat /var/log/messages.

    I have alias messages='tail -20 /var/log/messages' in my .bash_profile file. That gives a screenfull, which is usually enough.

    I'm not sure what is happening there ... I don't know what auditd is.

    It looks as if it is terminating, then something (the kernel?) is calling it for some reason.

    KABOOM.

    It is being called so soon after the termination that its PID (process ID) hasn't been removed from the pid/ directory (is that in /var?)

  6. #6
    Senior Member
    Join Date
    Jan 2005
    Posts
    1,366

    Default Re: More Linux questions...

    Quote Originally Posted by Graham L
    It's usually a Bad Idea to cat /var/log/messages.

    I have alias messages='tail -20 /var/log/messages' in my .bash_profile file. That gives a screenfull, which is usually enough.
    /var/log/messages is root-only access in my system, and I have a feeling it is the same in FC. Hence, it cannot be used in alias in a shell rc file of a normal or wheel user.

    And why would it be a bad idea to read it with cat?

    Quote Originally Posted by Graham L
    I'm not sure what is happening there ... I don't know what auditd is.

    It looks as if it is terminating, then something (the kernel?) is calling it for some reason.

    KABOOM.

    It is being called so soon after the termination that its PID (process ID) hasn't been removed from the pid/ directory (is that in /var?)
    That's why I tend to stay away from "too new" distros and releases. Also note the reference to SELinux... not good.

  7. #7
    Pedant and proud of it
    Join Date
    Dec 2004
    Location
    Christchurch
    Posts
    6,047

    Default Re: More Linux questions...

    All the logs are private to root. That's because they are system things. But it's usually as root that you need to look at them.

    It's a Very Bad Idea to use an editor (or even cat or less) to look at /var/log/messages because it's usually a Very Big File. It gets chopped by one of the /etc/cron.daily or /etc/cron.weekly tasks, but on average it's very big.

    The problem in making up error messages (and handling) is that often the events happen so rarely that the developers can never test the handling of them. (That's in Linux ... in Other OSs, the developers get lots of practice ).

  8. #8
    Senior Member
    Join Date
    Jan 2005
    Posts
    1,366

    Default Re: More Linux questions...

    Hey Tazz

    You will need to look through that messages to see the first instance of this error message. Then look before that to see if the system reported something changed. If the Azureus froze, there is a good chance a message was left about it.

    Post it here (as much of the relevant message as you can) and me and Graham L will have a go.

  9. #9
    Pedant and proud of it
    Join Date
    Dec 2004
    Location
    Christchurch
    Posts
    6,047

    Default Re: More Linux questions...

    grep audit /var/log/messages will help. (I think grep has options which will let you see a few lines each side of matched lines, too. man grep ).

  10. #10
    Debiant Myth's Avatar
    Join Date
    Feb 2005
    Location
    DFT
    Posts
    5,409

    Default Re: More Linux questions...

    OK, had a look at /var/log/messages which covered just today, as well as /var/log/messages1 which covered the previous 7 days (which included the time I was downloading with azureus). No mention of azureus at all.I also did the grep audit /var/log/messages thing which gave me the same info as what I have already posted.
    grep audit /var/log/messages 1 gave a similar yet smaller(just) result
    (morganj): 0 is false and 1 is true, correct?
    (alec_eso): 1, morganj

Similar Threads

  1. Linux questions........
    By SurferJoe46 in forum PressF1
    Replies: 24
    Last Post: 09-11-2005, 10:01 AM
  2. Linux Questions
    By Growly in forum PressF1
    Replies: 7
    Last Post: 11-04-2004, 09:41 PM
  3. 2 linux questions
    By smashedlittlebugger in forum PressF1
    Replies: 9
    Last Post: 07-12-2003, 07:39 PM
  4. Linux Questions
    By hamstar in forum PressF1
    Replies: 12
    Last Post: 13-03-2003, 05:08 PM
  5. Linux questions
    By JoGiles in forum PressF1
    Replies: 1
    Last Post: 24-11-2002, 03:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •