ashish-gehani / SPADE

SPADE: Support for Provenance Auditing in Distributed Environments
GNU General Public License v3.0
170 stars 75 forks source link

Adding reporter java.lang.Exception: Invalid path: '/var/run/audispd_events' #150

Closed eddie15teddy closed 3 weeks ago

eddie15teddy commented 3 weeks ago

Hi, I am trying to add Audit as a reporter, but keep running into this error. I am running this on Fedora 34 aarch64

Here are all the logs:

Oct 04, 2024 4:21:02 AM spade.core.Kernel getHostName INFO: SPADE host name: 'localhost-live'
Oct 04, 2024 4:21:10 AM spade.core.Kernel addReporterCommand INFO: Adding reporter: Audit
Oct 04, 2024 4:21:10 AM spade.core.BlockingBuffer log INFO: [Audit] workableFreeMemory=20.000%, reportingIntervalSeconds=120(enabled), sleepWaitMillis=1000
Oct 04, 2024 4:21:10 AM spade.core.Kernel addReporterCommand INFO: Memory usage limited buffer used for reporter 'Audit' with 'workableFreeMemory'='20' from '/run/media/liveuser/fedora_localhost-live/home/SPADE/./cfg/spade.core.AbstractReporter.config'
Oct 04, 2024 4:21:10 AM spade.reporter.Audit _launch INFO: Intervaler [isEnabled=true, intervalTimeMillis=120000]
Oct 04, 2024 4:21:10 AM spade.reporter.Audit _launch INFO: OutputLog [enabled=false, outputLogPath=null, rotationEnabled=false, rotateLogAfterLines=0]
Oct 04, 2024 4:21:10 AM spade.reporter.Audit _launch INFO: LinuxConstants [configFilePath=/run/media/liveuser/fedora_localhost-live/home/SPADE/./cfg/spade.reporter.audit.LinuxConstants.config]
Oct 04, 2024 4:21:10 AM spade.reporter.Audit _launch SEVERE: Failed to initialize input configuration
java.lang.Exception: Invalid path for Linux audit socket path specified by 'linuxAuditSocket': '/var/run/audispd_events'
at spade.reporter.audit.Input.instance(Input.java:298)
at spade.reporter.Audit._launch(Audit.java:333)
at spade.reporter.Audit.launch(Audit.java:278)
at spade.core.Kernel.addReporterCommand(Kernel.java:948)
at spade.core.Kernel.addCommand(Kernel.java:1111)
at spade.core.Kernel.executeCommand(Kernel.java:621)
at spade.core.Kernel$LocalControlConnection.run(Kernel.java:1978)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.Exception: Does not exist
at spade.reporter.audit.Input.instance(Input.java:295)
... 7 more

Oct 04, 2024 4:21:10 AM spade.reporter.Audit launch SEVERE: Failed to launch reporter
Oct 04, 2024 4:21:10 AM spade.core.Kernel addReporterCommand SEVERE: Unable to launch reporter
Oct 04, 2024 4:21:21 AM spade.core.Kernel shutdown INFO: Shutting down SPADE....

Could you pease show me what might be causing this error and what the next steps for debugging are? Thanks!

ashish-gehani commented 3 weeks ago

See: https://github.com/ashish-gehani/SPADE/issues/134