Snare for Solaris filling up /tmp directory

Holcrofts
2009-06-03
2012-10-09
  • Holcrofts

    Holcrofts - 2009-06-03

    I have installed Snare for Solaris 3.2.1 and today the box crashed with the following messages:

    June 3 01:50:01 styux9279 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded

    June 3 02:06:24 styux9279 genunix: [ID 470503 kern.warning] WARNING: Sorry, no swap space to grow stack for pid 21427 (dbstatus)

    Is there anyway of stopping snare logging to the tmp directory? Or log to /dev/null? I could not find anything in the configuration guide.

    Thanks

     
    • nick hindley

      nick hindley - 2009-06-03

      its some extraneous code in snarecore.c at line 2909

      execlp("/usr/bin/bash","bash","-c","/usr/sbin/praudit -l -d\" \"|tee /tmp/SNARE-events.txt", (char *)0);

      You can change this to
      execlp("/usr/sbin/praudit", "praudit", "-l", "-d ", (char *)0);

      or alternatively download the latest 3.2.3 code from sourceforge

       
    • Holcrofts

      Holcrofts - 2009-06-03

      Thanks, so 3.2.3 will resolve this issue?

       
      • David Mohr

        David Mohr - 2009-06-03

        Hi,

        As Nick pointed out, 3.2.3 has solved this issue and the agent will only write to /tmp in DEBUG mode.

        Regards, David.

         
    • nick hindley

      nick hindley - 2009-06-03

      should do

       

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks