Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4810: DA captures raw data with tar

Auditing and Monitoring Service ,  

12 April,16 at 11:11 AM

Applies to:

Centrify DirectAudit 3.x

Question:

DA is capturing raw data when piping files using tar command over an SSH connection. This is causing the DA dB to grow huge.

It would be something like this (run by a local user). It's used in a script to replicate files across servers.
 
ssh NPIUSER@HOSTB \"sudo -u LOCALUSERB bash -c 'tar' -C $DIRB -czf - $FILE' \" | tar -C $DIRA -xzf"
 
Answer:
 
If there is no need to audit all `sudo' commands run by ssh remotely  then  adding the following to /etc/centrifyda/centrifyda.conf will resolve the issue:
 
dash.ssh.command.skiplist: scp rsync sftp-server sudo
 
Please note "ssh using sudo" won't be audited and  DA doesn't check whether it is ssh and it checks terminal (tty).

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-3047: DA agent in offline mode and collector returned "Offset and length were out of bounds" error articleKB-3001: Troubleshooting Group Policy issues on Mac systems. articleKB-2109: Are there any sizing guides to help plan for scalability and storage requirements for DirectAudit? articleKB-5954: Estimating audited sessions database space utilization