IPO Server Edition 11.1.2.2.0 build 20
Saw last night that my disk space was at 90% full.
Rooted in to see that the /var/log/audit/ folder was 57 gigs. Onex logging is off, and Onex is disabled. Besides, that log folder is /opt/avaya/onexportal/11.1.2200_30/apache-tomcat/logs. That folder is fine in size.
Anyone know what is causing these logs and how do I disable it? This server was ignited November 2022, and it's August 2023, and the folder was nearly 60 gigs. I deleted the files, but this is untenable for a server less than a year old.
The logs are as such:
/var/log/audit/audit.log.1 audit.log.2 audit.log.3 etc etc.
They contain text like this:
Code:
type=PROCTITLE msg=audit(1692913707.812:13664256): proctitle=2F7573722F7362696E2F727379736C6F6764002D6E
type=AVC msg=audit(1692913713.496:13664257): avc: denied { name_connect } for pid=25029 comm=72733A616374696F6E203339207175 dest=5051 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1692913713.496:13664257): arch=c000003e syscall=42 success=no exit=-13 a0=50 a1=7f1a5c007080 a2=10 a3=5 items=0 ppid=1 pid=25029 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=72733A616374696F6E203339207175 exe="/usr/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)
type=SOCKADDR msg=audit(1692913713.496:13664257): saddr=020013BB36AC0C310000000000000000
type=PROCTITLE msg=audit(1692913713.496:13664257): proctitle=2F7573722F7362696E2F727379736C6F6764002D6E
type=AVC msg=audit(1692913723.646:13664258): avc: denied { name_connect } for pid=25029 comm=72733A616374696F6E203220717565 dest=5051 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1692913723.646:13664258): arch=c000003e syscall=42 success=no exit=-13 a0=55 a1=7f1a4c006fa0 a2=10 a3=5 items=0 ppid=1 pid=25029 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=72733A616374696F6E203220717565 exe="/usr/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)
type=SOCKADDR msg=audit(1692913723.646:13664258): saddr=020013BB36AC0C310000000000000000
type=PROCTITLE msg=audit(1692913723.646:13664258): proctitle=2F7573722F7362696E2F727379736C6F6764002D6E
type=AVC msg=audit(1692913726.774:13664259): avc: denied { write } for pid=17416 comm="sudo" name="tallylog" dev="sda3" ino=1573490 scontext=system_u:system_r:avaya_t:s0 tcontext=system_u:object_r:faillog_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1692913726.774:13664259): arch=c000003e syscall=2 success=yes exit=5 a0=7f2ac4952550 a1=2 a2=7fff3bd7f490 a3=3 items=1 ppid=17415 pid=17416 auid=4294967295 uid=994 gid=994 euid=0 suid=0 fsuid=0 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" subj=system_u:system_r:avaya_t:s0 key="logins"
type=CWD msg=audit(1692913726.774:13664259): cwd="/opt/webcontrol"
type=PATH msg=audit(1692913726.774:13664259): item=0 name="/var/log/tallylog" inode=1573490 dev=08:03 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:faillog_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1692913726.774:13664259): proctitle=7375646F002D53002F6574632F696E69742E642F6D656469616D616E6167657200737461747573
type=USER_AUTH msg=audit(1692913726.780:13664260): pid=17416 uid=994 auid=4294967295 ses=4294967295 subj=system_u:system_r:avaya_t:s0 msg='op=PAM:authentication grantors=pam_tally2,pam_faillock,pam_unix acct="wcp" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
type=SYSCALL msg=audit(1692913726.781:13664261): arch=c000003e syscall=2 success=yes exit=5 a0=7f2ac4952550 a1=2 a2=7fff3bd7f750 a3=3 items=1 ppid=17415 pid=17416 auid=4294967295 uid=994 gid=994 euid=0 suid=0 fsuid=0 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" subj=system_u:system_r:avaya_t:s0 key="logins"
type=CWD msg=audit(1692913726.781:13664261): cwd="/opt/webcontrol"
type=PATH msg=audit(1692913726.781:13664261): item=0 name="/var/log/tallylog" inode=1573490 dev=08:03 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:faillog_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1692913726.781:13664261): proctitle=7375646F002D53002F6574632F696E69742E642F6D656469616D616E6167657200737461747573
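Added example, not part of the original post: a short Python triage script for audit.log records like the ones above. It decodes the hex-encoded comm, proctitle and saddr fields and counts SELinux AVC denials by process, permission and class, so the records filling /var/log/audit/ can be attributed to a source. The sample input is constructed from records in the excerpt, and the function names are this example's own.

```python
import re
import socket
import struct
from collections import Counter

# Constructed sample: four records taken from the excerpt above.
SAMPLE = """\
type=AVC msg=audit(1692913713.496:13664257): avc: denied { name_connect } for pid=25029 comm=72733A616374696F6E203339207175 dest=5051 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SOCKADDR msg=audit(1692913713.496:13664257): saddr=020013BB36AC0C310000000000000000
type=PROCTITLE msg=audit(1692913713.496:13664257): proctitle=2F7573722F7362696E2F727379736C6F6764002D6E
type=AVC msg=audit(1692913726.774:13664259): avc: denied { write } for pid=17416 comm="sudo" name="tallylog" dev="sda3" ino=1573490 scontext=system_u:system_r:avaya_t:s0 tcontext=system_u:object_r:faillog_t:s0 tclass=file permissive=1
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'\{ ([^}]+) \}')

def unhex(value):
    """Quoted audit values are literal; unquoted comm/proctitle values are hex."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).replace(b"\0", b" ").decode("utf-8", "replace")
    except ValueError:
        return value

def decode_saddr(hexstr):
    """Decode an AF_INET sockaddr dump into (ip, port); None for other families."""
    raw = bytes.fromhex(hexstr)
    if struct.unpack("<H", raw[:2])[0] != socket.AF_INET:  # family: host order (x86-64)
        return None
    return socket.inet_ntoa(raw[4:8]), struct.unpack(">H", raw[2:4])[0]

def summarize(text):
    """Count AVC denials by (comm, permission, tclass, permissive) and SOCKADDR peers."""
    denials, peers = Counter(), Counter()
    for line in text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("type") == "AVC":
            m = PERMS.search(line)
            perm = m.group(1).strip() if m else "?"
            key = (unhex(f.get("comm", "")), perm, f.get("tclass"), f.get("permissive"))
            denials[key] += 1
        elif f.get("type") == "SOCKADDR":
            peer = decode_saddr(f["saddr"])
            if peer:
                peers[peer] += 1
    return denials, peers
```

On this sample the decoded SOCKADDR port matches dest=5051 in the rsyslogd denial, and the permissive field separates blocked attempts (0) from ones that were only logged (1).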