PAMSC - selogrd - duplicate messages were sent to syslog

Article ID: 278448

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

While reviewing syslog messages, we found that duplicate messages were sent to syslog through the selogrd service:

Nov 27 16:15:17 server daemon:debug selogrd[3409178]: 27 Nov 2023 16:15:10 P TRACE        root         656446db:0000010b xxxxxxxx     root         ARGS         /usr/bin/grep  994  EXECARGS: 'grep xxxxxxxx /etc/passwd'
Nov 27 16:15:22 server daemon:debug selogrd[3409178]: 27 Nov 2023 16:15:10 P TRACE        root         656446db:0000010b xxxxxxxx    root         ARGS         /usr/bin/grep  994  EXECARGS: 'grep xxxxxxxx /etc/passwd'

Environment

PAMSC 14.1

Cause

Duplicate messages can appear in seos seaudit and be sent to syslog from PAMSC for a variety of reasons. In some cases the messages only appear to be duplicates: they report the same message at the same time, but in reality the OS makes 2 similar calls for a single command issued. In this case, 2 methods of trace were enabled at the same time, so the messages were sent to syslog by two individual trace threads.

Resolution

Either turn one of the trace methods off, or expect 2 messages from trace for each event.
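
If both trace methods stay enabled, a log consumer can identify and collapse the pairs. The following is an added example, not part of the original article or of PAMSC: it assumes the syslog line layout shown in the sample above and treats two selogrd lines as duplicates when their payload after `selogrd[pid]:` is identical once whitespace padding is collapsed. The function names and the third sample line are constructed for illustration.

```python
import re

# Constructed input: the article's two lines plus one made-up distinct event.
SAMPLE = """\
Nov 27 16:15:17 server daemon:debug selogrd[3409178]: 27 Nov 2023 16:15:10 P TRACE        root         656446db:0000010b xxxxxxxx     root         ARGS         /usr/bin/grep  994  EXECARGS: 'grep xxxxxxxx /etc/passwd'
Nov 27 16:15:22 server daemon:debug selogrd[3409178]: 27 Nov 2023 16:15:10 P TRACE        root         656446db:0000010b xxxxxxxx    root         ARGS         /usr/bin/grep  994  EXECARGS: 'grep xxxxxxxx /etc/passwd'
Nov 27 16:15:30 server daemon:debug selogrd[3409178]: 27 Nov 2023 16:15:25 P TRACE        root         656446db:0000010c xxxxxxxx     root         ARGS         /usr/bin/ls  995  EXECARGS: 'ls /tmp'
"""

# Syslog prefix as seen in the article's sample; the facility field is optional.
LINE_RE = re.compile(
    r"^(?P<recv>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+(?:\S+\s+)?"
    r"selogrd\[\d+\]:\s+(?P<payload>.*)$"
)

def parse_line(line):
    """Return (syslog receive time, normalized audit payload) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Collapse whitespace runs: the article's duplicates differ only in padding.
    return m.group("recv"), " ".join(m.group("payload").split())

def find_duplicates(lines):
    """Map each payload seen more than once to its syslog receive times."""
    seen = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            seen.setdefault(parsed[1], []).append(parsed[0])
    return {k: v for k, v in seen.items() if len(v) > 1}

def dedupe(lines):
    """Keep the first copy of each selogrd payload; pass other lines through."""
    seen, out = set(), []
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[1] in seen:
            continue
        if parsed:
            seen.add(parsed[1])
        out.append(line)
    return out

if __name__ == "__main__":
    for payload, times in find_duplicates(SAMPLE.splitlines()).items():
        print(len(times), "copies received at", times, "->", payload)
```

Matching is on the whole payload, so messages that only look alike (the "2 similar calls" case described under Cause) are kept as separate events unless every field is identical.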