
psad (kmsgsd) and syslogd not communicating

Posted: 2005/06/24 20:12:22
by tobyjoe
I have bastille-firewall and psad running. For some reason, psad isn't finding the logged messages from syslogd.

In syslog.conf, the kern.info is being piped to psadfifo.

When I do an lsof on psadfifo, only kmsgsd has a handle. Syslogd does not.

I am running SELinux enabled, but I'm not getting any access denied messages, nor does this work when I set enabled to false.

It seems that the problem is syslogd not wanting to grab that psadfifo pipe.

Any ideas why?





From "service psad status":

[+] psadwatchd (pid: 14349) %CPU: 0.0 %MEM: 0.0
Running since: Thu Jun 23 13:49:38 2005

[+] kmsgsd (pid: 14347) %CPU: 0.0 %MEM: 0.0
Running since: Thu Jun 23 13:49:38 2005

[+] psad (pid: 14345) %CPU: 0.0 %MEM: 0.8
Running since: Thu Jun 23 13:49:38 2005
Command line arguments: [none specified]
Alert email address(es): (admin@domain)

[No scans detected]

Iptables prefix counters:
[NONE]

Total scan sources: 0
Total scan destinations: 0

Total packet counters:
tcp: 0
udp: 0
icmp: 0

Re: psad (kmsgsd) and syslogd not communicating

Posted: 2008/11/02 21:34:10
by sampablokuper
I'm having the same problem, but on Ubuntu. Did you find a solution?