logs flooded with audispd messages

Solution In Progress - Updated -

Issue

The /var/log/messages log is flooded with messages like this:

May 31 10:20:30 hostname audispd[12345]: node=ltest452 type=SYSCALL msg=audit(1464681707.474:1112876933): arch=c000003e syscall=44 success=yes exit=389 a0=5 a1=7efe49ab3dc0 a2=185 a3=4000 items=0 ppid=29034 pid=29037 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="audispd" exe="/usr/sbin/audispd" subj=system_u:system_r:audisp_t:s0 key=(null)
May 31 10:20:30 hostname audispd[12345]: node=ltest452 type=EOE msg=audit(1464681707.474:1112876933):

The part repeats each 30 seconds.

Environment

RHEL, auditd, audispd

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content