The audit process (auditd) listens on a Transmission Control Protocol (TCP) socket for system accounting events reported by other processes on the platform. The indicated socket operation failed with the indicated error.
An AUDITD_SOCKET_FAILURE message is logged when there is a failure in the internal TCP connection used to report system accounting events.
The log message will appear when a process is not able to report an accounting event to the auditd process. As an example, the log message may appear as follows:
AUDITD_SOCKET_FAILURE: unable to open socket
There may be corruption in the TCP information on either end of the connection.
Review the log messages output to see if there are any associated entries for tasks or events that may be causing the message to occur.
To troubleshoot this issue, start by looking at the log messages output just before or after the AUDITD_SOCKET_FAILURE message is listed. There may be a process listed that is attempting to communicate with the auditd process.
If you can find a suspect process, try restarting the process with the CLI command:
restart {process_name}
Otherwise restart the auditd process with the CLI command:
restart audit-process