Hello Everybody,
I have installed an Audit Vault Agent 12.2.0.8.0 on an Oracle Linux 6.9 server to collect operating system audit data,
but even though the agent is running on the target, the operating system audit trail is stopped, and the Audit Vault Agent log says:
[2019-05-16T16:13:46.054-06:00] [collector] [ERROR] [] [Source_HOST-OS-trail_21] [tid: 44] [ecid: 1136644872:15407:1558044826098:0,0] LinuxAuditLogParser : parse : Not A Valid Audit Record
[2019-05-16T16:13:46.105-06:00] [collector] [ERROR] [] [Source_HOST-OS-trail_21] [tid: 44] [ecid: 1136644872:15407:1558044826098:0,0] LinuxOSAuditFileObjectException from getAuditRecord While parsing the audit record: node=host type=LOGIN msg=audit(1544441401.686:767854): pid=26760 uid=0 old-auid=4294967295 auid=54321 old-ses=4294967295 ses=35295 res=1 Internal Collector {0}:{1} Error
[2019-05-16T16:13:46.105-06:00] [collector] [ERROR] [] [Source_HOST-OS-trail_21] [tid: 44] [ecid: 1136644872:15407:1558044826098:0,0] LinuxOSAuditLogReader Error in readNextRecord:java.lang.NullPointerException
[2019-05-16T16:13:46.106-06:00] [collector] [ERROR] [] [Source_HOST-OS-trail_21] [tid: 44] [ecid: 1136644872:15407:1558044826098:0,0] LinuxOSAuditCollector : hasMore : Internal Collector {0}:{1} Error
[2019-05-16T16:14:26.446-06:00] [collector] [ERROR] [] [Source_HOST-OS-trail_21] [tid: 55] [ecid: 1136644872:15407:1558044866446:1,0] LinuxAuditLogParser : parse : Not A Valid Audit Record
The type of audit trail is DIRECTORY.
The location of the audit trail is /var/log/audit/audit.log.
The version of auditd is audit-2.4.5-6.el6.x86_64.
Any clue about why the trail is not working?
Thanks in advance
Sergio