Linux 通用进程 Audit 监视器
audit 后台程序未运行。检查诊断和恢复结果以查看是否需要执行进一步的操作。
audit 后台程序便于将审核记录写入到磁盘。
故障表示 audit 后台程序未运行。
通过运行 “ps -ef | grep auditd” 或查看 Operations Manager 控制台中的诊断来检查服务。通过运行 “service auditd start” 命令或单击 Operations Manager 控制台中的恢复链接进行启动。
对于根本原因分析,请首先检查系统日志文件(/var/log/messages),并查看失败时的所有相关条目。
Target | Microsoft.Linux.Universal.OperatingSystem | ||
Parent Monitor | System.Health.AvailabilityState | ||
Category | AvailabilityHealth | ||
Enabled | False | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.Unix.WSMan.Process.Status.MonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.Linux.Universal.Process.Audit.Monitor" Accessibility="Public" Target="Universal!Microsoft.Linux.Universal.OperatingSystem" TypeID="Unix!Microsoft.Unix.WSMan.Process.Status.MonitorType" Enabled="false" ParentMonitorID="SystemHealth!System.Health.AvailabilityState">
<Category>AvailabilityHealth</Category>
<AlertSettings AlertMessage="Microsoft.Linux.Universal.Process.Audit.AlertMessage">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Error</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Target/Host/Property[Type="Unix!Microsoft.Unix.Computer"]/PrincipalName$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState HealthState="Success" MonitorTypeStateID="Running" ID="Running"/>
<OperationalState HealthState="Error" MonitorTypeStateID="NotRunning" ID="NotRunning"/>
</OperationalStates>
<Configuration>
<TargetSystem>$Target/Host/Property[Type="Unix!Microsoft.Unix.Computer"]/NetworkName$</TargetSystem>
<ProcessName>auditd</ProcessName>
<Interval>300</Interval>
</Configuration>
</UnitMonitor>