LinuxQuestions.org
02-03-2010, 07:49 AM   #1
fedora_user
Member
Registered: Jan 2006
Posts: 112

PLEASE HELP!! auditctl giving Invalid argument in redhat

Hello,
I'm running RHEL 4, version 2.6.9-11.ELsmp,
trying to audit files. Just installed and ran auditctl.
When running this basic command:
auditctl -w /home/TestFile.doc -k test-file -p rwxa

I get the error:
Error sending watch insert request (Invalid argument)

I got the info above from:
http://www.cyberciti.biz/tips/linux-...to-a-file.html

They said the basic default /etc/audit.rules will work.

Please can you help. I'm sure it's something straightforward.
Thank you in advance.
 
02-03-2010, 10:59 AM   #2
TB0ne
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,348

Quote:
Originally Posted by fedora_user
Hello,
I'm running RHEL 4, version 2.6.9-11.ELsmp,
trying to audit files. Just installed and ran auditctl.
When running this basic command:
auditctl -w /home/TestFile.doc -k test-file -p rwxa

I get the error:
Error sending watch insert request (Invalid argument)

I got the info above from:
http://www.cyberciti.biz/tips/linux-...to-a-file.html

They said the basic default /etc/audit.rules will work.

When you start the audit daemon, the /etc/audit.rules file is read to specify what to audit. Try this: edit the /etc/audit.rules file and add:
Code:
-w /etc -p wa -k CFG_etc
Also, the kernel version you're running may be an issue as well. Some of the older kernels have issues with auditd. Since you're paying for RHEL support, you can get a kernel patch/update from the RedHat Network. Their support should be able to help you out.
 
02-04-2010, 03:55 AM   #3
fedora_user
Member
Registered: Jan 2006
Posts: 112
Original Poster

TB0ne, thanks.
I think it's the kernel, as I did the suggested and it still gave the same issue?
# to auditctl.

# First rule - delete all
-D

# Increase the buffers to survive stress events
# Make this bigger for busy systems
-b 256

# Feel free to add below this line. See auditctl man page
-w /etc -p wa -k CFG_etc


Stopping auditd: [ OK ]
Starting auditd: [ OK ]
Error sending watch insert request (Invalid argument)
There was an error in line 14 of /etc/audit.rules


I've seen this on quite a few forums, but as I'm no expert it might not be the kernel version... any idea?
 
02-04-2010, 09:45 AM   #4
TB0ne
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,348

Quote:
Originally Posted by fedora_user
TB0ne, thanks.
I think it's the kernel, as I did the suggested and it still gave the same issue?
# to auditctl.

# First rule - delete all
-D

# Increase the buffers to survive stress events
# Make this bigger for busy systems
-b 256

# Feel free to add below this line. See auditctl man page
-w /etc -p wa -k CFG_etc


Stopping auditd: [ OK ]
Starting auditd: [ OK ]
Error sending watch insert request (Invalid argument)
There was an error in line 14 of /etc/audit.rules


I've seen this on quite a few forums, but as I'm no expert it might not be the kernel version... any idea?

Yep...gave you the ideas in my first post. Try the options, or update your kernel. The kernel is the most likely source of your error.

That bug is normally seen due to a kernel bug, in earlier kernels (like yours). As I said, RHEL has support/patches/updates for your kernel, that you can get via the RedHat Network (since you're paying for RHEL).
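
A syntax check for the watch rules discussed in this thread, as an added example that is not part of any post: it lists each `-w` line of an audit.rules file with its line number and flags malformed ones, so a rule that passes here yet still returns "Invalid argument" points away from the rule text and toward the kernel, as post #4 suggests. The function names, the path and permission checks, and the sample input (the rules from post #3 plus one deliberately broken line) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): lint the -w watch rules of an
# audit.rules file and report each one with its line number.

# check_watch_rules [FILE]   (reads stdin when FILE is omitted)
# Prints "<line> OK <path> <perms> <key>" or "<line> BAD <reason>".
check_watch_rules() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }   # blank lines and comments
    $1 != "-w"           { next }   # control rules such as -D and -b
    {
        path = $2; perms = "-"; key = "-"; bad = ""
        for (i = 3; i <= NF; i++) {
            if      ($i == "-p" && i < NF) perms = $(++i)
            else if ($i == "-k" && i < NF) key = $(++i)
            else { bad = "unexpected token " $i; break }
        }
        # Assumptions of this example: a watch path is absolute and
        # -p takes only the letters r, w, x and a.
        if (bad == "" && path !~ /^\//) bad = "path is not absolute: " path
        if (bad == "" && perms != "-" && perms !~ /^[rwxa]+$/) bad = "bad -p value: " perms
        if (bad != "") printf "%d BAD %s\n", NR, bad
        else           printf "%d OK %s %s %s\n", NR, path, perms, key
    }' "$@"
}

# Constructed sample: the rules as posted in #3, plus one deliberately
# malformed watch (last line) to show how a syntax problem is reported.
sample_rules() {
    cat <<'EOF'
# to auditctl.

# First rule - delete all
-D

# Increase the buffers to survive stress events
# Make this bigger for busy systems
-b 256

# Feel free to add below this line. See auditctl man page
-w /etc -p wa -k CFG_etc
-w /home/TestFile.doc -p rwz -k test-file
EOF
}

sample_rules | check_watch_rules
```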
 
02-04-2010, 10:43 AM   #5
fedora_user
Member
Registered: Jan 2006
Posts: 112
Original Poster

Thanks for your help, I'm off to update my kernel...
 
  

