Hi there,
We are getting many Ubuntu assets with the following error:
What is actually wrong?
Thanks in advance
Typically this is because auditd is running, and compatibility mode is not configured.
If you see this documentation InsightIDR - auditd Compatibility Mode for Linux Assets | Insight Agent Documentation
It outlines our configuration for compatibility mode.
Alternatively you can choose to disable auditd, and the Insight Agent will control the netlink socket and audit/consume the necessary events.
David
What are some of the event the agent will report if auditd is disabled
No, the auditd is running and compatibility mode is configured.
Support do not help me, just ignores me.
What is the support case I will take a look
08249045
and a couple more that just died.
Thanks!