Hi there,
We are getting many Ubuntu assets with the following error:
What is actually wrong?
Thanks in advance
Typically this is because auditd is running, and compatibility mode is not configured.
If you see this documentation InsightIDR - auditd Compatibility Mode for Linux Assets | Insight Agent Documentation
It outlines our configuration for compatibility mode.
Alternatively you can choose to disable auditd, and the Insight Agent will control the netlink socket and audit/consume the necessary events.
David
What are some of the event the agent will report if auditd is disabled