aa-eventd not working correctly

ptbaranski · June 20, 2013, 11:47am

On my two SLES 11 SP2 servers event daemon is not working correctly.

Script “/usr/sbin/aa-eventd” is parsing system log files (audit.log + messages) looking for “$logmsg =~ /APPARMOR/;” but those events appear in fact in low case.

Changing the reg exp comparsion is not solving the problem. Event daemon is creating event.db properly and even sending e-mail notification but only during start up process. After that is stopping processing new events.

rpm -qa | grep armor
apparmor-parser-2.5.1.r1445-55.59.1
perl-apparmor-2.5.1.r1445-55.59.1
apparmor-profiles-2.3-48.18.1
apparmor-utils-2.5.1.r1445-55.59.1
yast2-apparmor-2.17.12-0.5.73
apparmor-docs-2.5.1.r1445-55.59.1
tomcat_apparmor-2.5.1.r1445-55.59.1
apparmor-admin_en-10.3-8.24.1
apparmor-profile-editor-0.9.1-268.35
libapparmor1-2.5.1.r1445-55.59.1

Topic		Replies	Views
Problem with pam_apparmor SLES Configure-Administer	2	335	June 19, 2012
Apparmor genprof throwing error (Can't find rsyslog.d) SLES Networking	5	258	May 6, 2015
auditd does not work like intended SLES Configure-Administer	1	248	April 19, 2019
syslog-ng setup issue SLES Configure-Administer	6	186	February 4, 2014
Can I verify if AppArmor is really disabled? SLES Configure-Administer	1	201	June 12, 2014

aa-eventd not working correctly

Related Topics