I tried to start a second eXpert-BSM monitor on the same machine, but it did not work. Why?
Running more than one eXpert-BSM monitor on the same machine will not work in real-time mode because only one process can record audit records from the kernel. That is also the reason why auditd cannot coexist with ebsmprobe. In batch mode, you can run several eXpert-BSM monitors in parallel, as long as you take care not to clear a results directory that another monitor is writing to.