Package: auditd Version: 1:2.6.3-1 Followup-For: Bug #830244 Addition: I noticed that today the service suddenly started, but only with the standard rules file. As soon as i add anythign to it or use my own separate rules file, the service wont start anymore.
But i found out that when using "log_format = ENRICHED" (instead of RAW) then the service starts normally. Maybe this could be used as a workaround until it is fixed. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages auditd depends on: ii gawk 1:4.1.3+dfsg-0.1 ii init-system-helpers 1.37 ii libaudit1 1:2.6.3-1 ii libauparse0 1:2.6.3-1 ii libc6 2.23-1 ii libgssapi-krb5-2 1.14.2+dfsg-1 ii libkrb5-3 1.14.2+dfsg-1 ii libwrap0 7.6.q-25 ii lsb-base 9.20160629 ii mawk 1.3.3-17 auditd recommends no packages. Versions of packages auditd suggests: pn audispd-plugins <none> -- Configuration Files: /etc/audisp/audispd.conf [Errno 13] Permission denied: u'/etc/audisp/audispd.conf' /etc/audisp/plugins.d/af_unix.conf [Errno 13] Permission denied: u'/etc/audisp/plugins.d/af_unix.conf' /etc/audisp/plugins.d/syslog.conf [Errno 13] Permission denied: u'/etc/audisp/plugins.d/syslog.conf' /etc/audit/audit-stop.rules [Errno 13] Permission denied: u'/etc/audit/audit-stop.rules' /etc/audit/auditd.conf [Errno 13] Permission denied: u'/etc/audit/auditd.conf' /etc/audit/rules.d/audit.rules [Errno 13] Permission denied: u'/etc/audit/rules.d/audit.rules' -- no debconf information
