Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Slow shutdown due to auomscollect #120

Open
paulmey opened this issue Oct 25, 2024 · 0 comments
Open

Slow shutdown due to auomscollect #120

paulmey opened this issue Oct 25, 2024 · 0 comments

Comments

@paulmey
Copy link
Member

paulmey commented Oct 25, 2024

Reboots are taking ~30 seconds longer because auomscollect does not shutdown when it is asked to:

root@a3232dc4574e [ ~ ]# journalctl -b -1 -u auditd.service
Oct 25 12:12:31 a3232dc4574e systemd[1]: Starting Security Auditing Service...
Oct 25 12:12:31 a3232dc4574e auditd[825]: audit dispatcher initialized with q_depth=1200 and 1 active plugins
Oct 25 12:12:31 a3232dc4574e auditd[825]: Init complete, auditd 3.0.6 listening for events (startup state enable)
Oct 25 12:12:31 a3232dc4574e auomscollect[828]: Trying to acquire singleton lock
Oct 25 12:12:31 a3232dc4574e auomscollect[828]: Acquire singleton lock
Oct 25 12:12:31 a3232dc4574e auomscollect[828]: Failed to configure cpu cgroup: Cgroups mount is missing: /sys/fs/cgroup/cpu,cpuacct
Oct 25 12:12:31 a3232dc4574e auomscollect[828]: CPU Limits cannot be enforced
Oct 25 12:12:31 a3232dc4574e auomscollect[828]: Opening queue: /var/opt/microsoft/auoms/collect_queue
Oct 25 12:12:31 a3232dc4574e auomscollect[828]: Metrics starting
Oct 25 12:12:31 a3232dc4574e auomscollect[828]: Output(output): Loading config
Oct 25 12:12:31 a3232dc4574e auomscollect[828]: Starting ingest thead (844)
Oct 25 12:12:31 a3232dc4574e auomscollect[828]: Output(output): Started
Oct 25 12:12:31 a3232dc4574e auomscollect[828]: Output(output): Connecting to /var/run/auoms/input.socket
Oct 25 12:12:31 a3232dc4574e auomscollect[828]: Output(output): Failed to connect to '/var/run/auoms/input.socket': No such file or directory
Oct 25 12:12:31 a3232dc4574e auomscollect[828]: Output(output): Sleeping 1 seconds before re-trying connection
Oct 25 12:12:31 a3232dc4574e auomscollect[828]: ProcMetrics: starting
Oct 25 12:12:31 a3232dc4574e augenrules[833]: /sbin/augenrules: No change
Oct 25 12:12:31 a3232dc4574e systemd[1]: Started Security Auditing Service.
Oct 25 12:12:32 a3232dc4574e auomscollect[828]: Output(output): Connecting to /var/run/auoms/input.socket
Oct 25 12:12:32 a3232dc4574e auomscollect[828]: Output(output): Failed to connect to '/var/run/auoms/input.socket': No such file or directory
Oct 25 12:12:32 a3232dc4574e auomscollect[828]: Output(output): Sleeping 2 seconds before re-trying connection
Oct 25 12:12:32 a3232dc4574e auomscollect[828]: RawEvent::AddEvent(): Event exceeded queue item size limit
Oct 25 12:12:34 a3232dc4574e auomscollect[828]: Output(output): Connecting to /var/run/auoms/input.socket
Oct 25 12:12:34 a3232dc4574e auomscollect[828]: Output(output): Connected
Oct 25 12:13:07 a3232dc4574e auomscollect[828]: RawEvent::AddEvent(): Event exceeded queue item size limit
Oct 25 12:13:07 a3232dc4574e auomscollect[828]: RawEvent::AddEvent(): Event exceeded queue item size limit
Oct 25 12:13:07 a3232dc4574e auomscollect[828]: RawEvent::AddEvent(): Event exceeded queue item size limit
Oct 25 12:13:07 a3232dc4574e auomscollect[828]: RawEvent::AddEvent(): Event exceeded queue item size limit
Oct 25 12:13:08 a3232dc4574e auomscollect[828]: RawEvent::AddEvent(): Event exceeded queue item size limit
Oct 25 12:13:17 a3232dc4574e auditd[825]: Audit daemon rotating log files
Oct 25 12:22:02 a3232dc4574e systemd[1]: Stopping Security Auditing Service...
Oct 25 12:22:02 a3232dc4574e auomscollect[828]: STDIN closed, exiting input loop
Oct 25 12:22:02 a3232dc4574e auomscollect[828]: Exiting
Oct 25 12:22:02 a3232dc4574e auomscollect[828]: Output(output): Stopping
Oct 25 12:22:02 a3232dc4574e auditd[825]: The audit daemon is exiting.
Oct 25 12:23:32 a3232dc4574e systemd[1]: auditd.service: State 'final-sigterm' timed out. Killing.
Oct 25 12:23:32 a3232dc4574e systemd[1]: auditd.service: Killing process 828 (auomscollect) with signal SIGKILL.
Oct 25 12:23:32 a3232dc4574e systemd[1]: auditd.service: Killing process 834 (auomscollect) with signal SIGKILL.
Oct 25 12:23:32 a3232dc4574e systemd[1]: auditd.service: Killing process 835 (auomscollect) with signal SIGKILL.
Oct 25 12:23:32 a3232dc4574e systemd[1]: auditd.service: Killing process 843 (auomscollect) with signal SIGKILL.
Oct 25 12:23:32 a3232dc4574e systemd[1]: auditd.service: Failed with result 'timeout'.
Oct 25 12:23:32 a3232dc4574e systemd[1]: Stopped Security Auditing Service.
Oct 25 12:23:32 a3232dc4574e systemd[1]: auditd.service: Consumed 3.701s CPU time.
root@a3232dc4574e [ ~ ]# rpm -qf /opt/microsoft/auoms/bin/auomscollect
auoms-2.7.0-62.x86_64
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@paulmey