I'm seeing the message 'failed to format message from /var/log/audit/audit.log' repeatedly in the Infrastructure app log stream. Disabling the auditd module stops the messages, as you'd expect. Any insight would be sincerely appreciated.
Thanks for trying out the Logs UI. This is a shortcoming of the current message formatting heuristic, which fails to derive a suitable "message" from the auditd event. Would it be possible for you to find out which events are displayed that way?
Hello @weltenwort. Thanks for the quick reply. To the best of my ability to tell, all events in audit.log are failing. I am also seeing it now on the mysql module, for mysql-error.log. This is on Ubuntu 16.04.5 LTS if it helps.
Thanks for providing these details. I have created an issue in the Kibana repo to track this problem. Feel free to add more details there if you come across them.