Forum Discussion

roger_jr's avatar
roger_jr
Copper Contributor
May 10, 2021

mdatp_audisp_plugin

I was wondering if anyone knows what /opt/microsoft/mdatp/sbin/mdatp_audisp_plugin  is used for on RHEL.   I've noticed it can consume allot of resources in some cases and hoping to find some docum...
kalyan190's avatar
kalyan190
Copper Contributor
Jul 20, 2021

roger_jr  If you find out the answer to this query, please let me know

  • roger_jr's avatar
    roger_jr
    Copper Contributor
    Aug 04, 2021
    kalyan190 mdatp_audisp_plugin
    The issue is, mdatp_audisp_plugin has a bug which the plugin might ingest unnecessary logs from audit logs.

    My suggestion is open a ticket with Microsoft TAC and they can provide a work around.



    • kalyan190's avatar
      kalyan190
      Copper Contributor
      Aug 10, 2021
      Sure, will open a ticket with Microsoft. Thanks Roger
      • VarunRai's avatar
        VarunRai
        Copper Contributor
        Oct 08, 2021

        kalyan190 Hi Kalyan, were you able to get any workaround for the issue. 

        We are currently getting similar issue in Ubuntu 16.04 where below errors  in /var/log/syslog are quickly filling up the hard drive. 

        Oct 8 00:35:15 hatchdpdeceallocator01 audispd: Starting reconfigure
        Oct 8 00:35:15 hatchdpdeceallocator01 audispd: priority_boost_parser called with: 4
        Oct 8 00:35:15 hatchdpdeceallocator01 audispd: max_restarts_parser called with: 10