
My database is failing to replicate and the only clue in the error log is Operation Not Permitted, which I am guessing is a file access permission failure on either the donor or the joiner. Is there any file that I could tail to see exactly what files the user/process is trying to read/write/execute?

Stephane
Gajus
  • `tail -f /var/log/mysqld.log` What error is it logging? – Abhishek Anand Amralkar May 21 '13 at 06:55
  • It fails with `130521 6:59:31 [Warning] WSREP: Failed to prepare for incremental state transfer: Local state UUID (00000000-0000-0000-0000-000000000000) does not match group state UUID (7ff38373-c1d1-11e2-0800-d595d1800e6a): 1 (Operation not permitted)` – Gajus May 21 '13 at 07:01

1 Answer


The auditd(8) daemon provides the functionality you request in your question. It is configured in the /etc/audit/auditd.conf file, and its syntax is described in the auditd.conf(5) manual page.

You need to install and enable the daemon, and configure /etc/audit/audit.rules to audit those events you consider relevant. An example from the audit.rules(7) manpage:

   -a always,exit -F arch=b32 -S open -S openat -F exit=-EACCES -k access
   -a always,exit -F arch=b32 -S open -S openat -F exit=-EPERM -k access
   -a always,exit -F arch=b64 -S open -S openat -F exit=-EACCES -k access
   -a always,exit -F arch=b64 -S open -S openat -F exit=-EPERM -k access

Read the auditctl(8) manpage for an explanation of all the options used in the examples.

For later analysis/reporting, you can use the ausearch(8) and aureport(8) tools.

dawud
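An added example, not part of the original answer: with the rules above loaded, each denied `open`/`openat` is logged to the audit log as a SYSCALL record plus PATH records sharing one event ID. The Python parser below pairs them and reports which executable was refused which file; the sample records, the function name `denied_opens` and the file paths are constructed for illustration.

```python
import errno
import re
from collections import defaultdict

# Constructed sample records in raw audit.log format (not from the original post).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1369119571.123:4521): arch=c000003e syscall=2 success=no exit=-13 a0=7f1c a1=0 items=1 ppid=1 pid=2345 uid=27 gid=27 comm="mysqld" exe="/usr/sbin/mysqld" key="access"
type=CWD msg=audit(1369119571.123:4521): cwd="/var/lib/mysql"
type=PATH msg=audit(1369119571.123:4521): item=0 name="/var/lib/mysql/grastate.dat" inode=131 mode=0100600 ouid=0 ogid=0
type=SYSCALL msg=audit(1369119572.456:4522): arch=c000003e syscall=257 success=no exit=-1 a0=ffffff9c items=1 ppid=2345 pid=2399 uid=27 gid=27 comm="rsync" exe="/usr/bin/rsync" key="access"
type=PATH msg=audit(1369119572.456:4522): item=0 name="/etc/mysql/secret.cnf" inode=77 mode=0100400 ouid=0 ogid=0
type=SYSCALL msg=audit(1369119573.789:4523): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=2345 uid=27 comm="mysqld" exe="/usr/sbin/mysqld" key="access"
type=SYSCALL msg=audit(1369119574.001:4524): arch=c000003e syscall=2 success=no exit=-13 items=1 pid=900 uid=1000 comm="cat" exe="/bin/cat" key="other"
'''

HEADER = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def denied_opens(log_text, key="access"):
    """Return (errno name, uid, exe, [paths]) for each EPERM/EACCES event tagged with `key`."""
    events = defaultdict(lambda: {"syscall": None, "paths": []})
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, event_id = m.groups()  # event_id is "timestamp:serial"
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if rtype == "SYSCALL":
            events[event_id]["syscall"] = fields
        elif rtype == "PATH":
            # auditd hex-encodes names with special characters; not decoded here.
            events[event_id]["paths"].append(fields.get("name", "?"))
    results = []
    for ev in events.values():
        sc = ev["syscall"]
        if not sc or sc.get("key") != key:
            continue
        code = -int(sc["exit"])  # raw log stores the negative errno
        if code in (errno.EPERM, errno.EACCES):
            results.append((errno.errorcode[code], sc["uid"], sc["exe"], ev["paths"]))
    return results

if __name__ == "__main__":
    for name, uid, exe, paths in denied_opens(SAMPLE_LOG):
        print(f"{name}: uid={uid} exe={exe} paths={paths}")
```

On a live system the same filtering is available from the tools the answer names, for example `ausearch -k access -i`, which also resolves the numeric exit codes and UIDs.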