Displaying 1 result from an estimated 1 matches for "warx".
Did you mean:
warn
2013 Apr 30
0
httpd writes much to /var? How to audit it properly?
...nal)
>From time to time (it happenes on different machines) I have a very high
load up to 100, and I see that there are up to 300/s writes to /var at the
same time. Apache restart solves the problem. I would like to know the
reason so I decided to use auditd.
I've used:
auditctl -w /var -p warx
And for example:
ausearch -f /var -i -ts 04/29/2013 23:00:00 -te 04/29/2013 23:01:00 -ua
11111 | grep 'syscall=open' | wc -l
gives me "5" but in my monitoring I see that there were up to 300 writes
per second to /var at the same moment (id 11111 - httpd) (I have verified
the wri...