psad (kmsgsd) and syslogd not communicating

tobyjoe
Posts: 3
Joined: 2005/06/04 17:07:22


Post by tobyjoe » 2005/06/24 20:12:22

I have bastille-firewall and psad running. For some reason, psad isn't finding the logged messages from syslogd.

In syslog.conf, the kern.info is being piped to psadfifo.

When I do an lsof on psadfifo, only kmsgsd has a handle. Syslogd does not.

I am running SELinux enabled, but I'm not getting any access denied messages, nor does this work when I set enabled to false.

It seems that the problem is syslogd not wanting to grab that psadfifo pipe.

Any ideas why?





From "service psad status":

[+] psadwatchd (pid: 14349) %CPU: 0.0 %MEM: 0.0
Running since: Thu Jun 23 13:49:38 2005

[+] kmsgsd (pid: 14347) %CPU: 0.0 %MEM: 0.0
Running since: Thu Jun 23 13:49:38 2005

[+] psad (pid: 14345) %CPU: 0.0 %MEM: 0.8
Running since: Thu Jun 23 13:49:38 2005
Command line arguments: [none specified]
Alert email address(es): (admin@domain)

[No scans detected]

Iptables prefix counters:
[NONE]

Total scan sources: 0
Total scan destinations: 0

Total packet counters:
tcp: 0
udp: 0
icmp: 0
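
Added example (not part of the original thread, and not psad's own code): a shell script that checks each link the post describes, namely the kern.info line in syslog.conf that pipes to the FIFO, that the FIFO path really is a named pipe, and that both syslogd and kmsgsd hold it open (the /proc equivalent of the lsof check). The function names are hypothetical and both paths are passed as arguments because the thread gives neither; it assumes Linux /proc and classic syslog.conf syntax (selector, whitespace, |path).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# the config and FIFO paths are arguments because the thread gives neither.

# Return 0 if CONF ($1) has an uncommented "kern.info <whitespace> |FIFO" line.
conf_pipes_kern_info() {
    awk -v fifo="$2" '
        /^[ \t]*#/ { next }
        $1 ~ /(^|;)kern\.info(;|$)/ && $2 == ("|" fifo) { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Return 0 if the path is a named pipe (a regular file there breaks the chain).
is_fifo() { [ -p "$1" ]; }

# Print "PID NAME" for each process that has FIFO ($1) open, read from /proc.
# Run as root to see processes owned by other users.
fifo_holders() {
    target=$(readlink -f "$1") || return 1
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "$target" ] || continue
        pid=${fd#/proc/}; pid=${pid%%/*}
        echo "$pid $(cat "/proc/$pid/comm" 2>/dev/null)"
    done | sort -u
}

# Report the first broken link: 1 = config, 2 = not a FIFO, 3 = missing holder.
diagnose() {
    conf=$1 fifo=$2
    conf_pipes_kern_info "$conf" "$fifo" || { echo "no kern.info pipe to $fifo in $conf"; return 1; }
    is_fifo "$fifo" || { echo "$fifo is not a named pipe"; return 2; }
    holders=$(fifo_holders "$fifo")
    for daemon in syslogd kmsgsd; do
        echo "$holders" | grep -q " $daemon\$" ||
            { echo "$daemon does not have $fifo open"; return 3; }
    done
    echo "ok"
}

# Usage: script <path to syslog.conf> <path to the psad FIFO>
if [ "$#" -eq 2 ]; then diagnose "$1" "$2"; fi
```

An exit status of 3 naming syslogd corresponds to the situation in the post, where only kmsgsd holds the pipe.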

sampablokuper
Posts: 1
Joined: 2008/11/02 21:32:19

Re: psad (kmsgsd) and syslogd not communicating

Post by sampablokuper » 2008/11/02 21:34:10

I'm having the same problem, but on Ubuntu. Did you find a solution?
