Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4167: CDAException when connecting to collector

Centrify DirectAudit ,  

12 April,16 at 11:07 AM

Applies to: Centrify DirectAudit Agent 3.1.x on all platforms
 
Problem:
 
The DirectAudit agent was recently deployed or upgraded to version 3.1.x and the agent is unable to connect to the collector with the following errors in syslog:
 
auth|security:info dad[450600]: INFO  <auditbg:run-queue> cda.dad.auditor Issue in despooling data: readNBytes: can't read 16 bytes from buffer at offset: 12. Leaving data in place. DirectAudit will try other collectors. Current collector will be considered again after 15 seconds.
 
The server running the agent can ping the collector just fine and you may even have some agents in the same site connecting without issue.
 
Cause:
 
There was a recently discovered issue with the local spool where the DirectAudit session data is streamed from the cdash shell. It can get corrupted and it prevents the the agent with corrupt spool from sending the data to the collector.
 
Workaround:
 
In order to restore the DirectAudit agent's connection to the collector the spool must be cleared out and the agent restarted.  Please do the following steps as sudo or root:
 
1) Run dastop to stop the DirectAudit agent
 
2) Rename the spool directory /var/centrifyda/spool-dbqc, as follows:
 
#mv /var/centrifyda/spool-dbqc /var/centrifyda/spool-dbqc-old
 
3) Run dastart to start the DirectAudit agent
 
4) Wait several seconds and run dainfo, it should be able to connect to a collector now
 
Resolution:
 
This issue has been resolved in the next release of Centrify DirectAudit Agent (version 3.2) included with Centrify Suite 2014. While a full upgrade is recommended (console, DB, collector, agent) only an agent update is required to resolve the issue.

Note: Note:   If you upgrade the DirectAudit Unix/Linux Agent to the latest version to fix the issue mentioned in this KB, it is recommended that you upgrade other DirectAudit components such as collector, consoles, databases etc. to the latest version as well.

If it’s not possible to upgrade all the components together, it is recommended to disable the Audit trail feature of the DirectAudit Unix/Linux Agent. Please use the steps below to disable Audit trail feature of the Agent using sudo or root,
 
1. Go to /etc/centrifydc directory.
 
2. Use vi or any other text editor to open the centrifydc.conf file.
 
3. Uncomment the setting named “audittrail.targets” and set its value to 0 (zero)
e.g. audittrail.targets: 0
 
4. Save the file.
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.