Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-2404: "No TTY, we don't want to interfere - dropping out"

Auditing and Monitoring Service ,  

12 April,16 at 11:09 AM

Applies to: All versions of Centrify DirectAudit on HPUX platforms.
It's observed that audited data from one HPUX system is not showing up in Centrify DirectAudit Manager. The Centrify command dainfo --diag (as root) on the audited HPUX system shows that data is being spooled to the Collector correctly. The SQL configuration is also correct. The command dacontrol was run many times to disable and enable audit on the HPUX system. Centrify DirectAudit was restarted on the HPUX system too. Any reason?

This can happen under very rare circumstances and the best way to troubleshoot this issue is to enable the Centrify DirectAudit debug. If the following line is observed, then utmp may be corrupt. When this occurs, direct terminal logins are disabled with a "No utmp entries" in syslog. You must exec 'login' rom the lowest level 'sh'.  
May 10 16:04:05 dbdev1 cda.dash[17566]: DEBUG: Runlevel -1 is unacceptable, dropping out.
To confirm if utmp is corrupted, one of the commands to run is #who -r (check run level). If it returns nothing, then its corrupt. The best way to fix a utmp corruption issue is to schedule a reboot. After this, auditing should work fine and out-of-the-box.
Note: utmp, wtmp, btmp and variants such as utmpx, wtmpx and btmpx are files on Unix-like systems that keeps track of all logins and logouts to the system.
utmp file keeps track of the current login state of each user.
wtmp file records all logins and logouts.
btmp file records failed login attempts.
Different commands allow to consult the information stored in those files, including
who (which show current system users), last (which show last logged in users) and lastb (which show last failed login attempts).
For HPUX those files may commonly be found in different places:
/etc/utmp (deprecated), /etc/utmpx
/var/adm/wtmp (deprecated), /var/adm/wtmpx
/var/adm/btmp (deprecated), /var/adm/btmpx

Related Articles

No related Articles