If you see this message repeatedly in syslog and the syslog file is flooded with this message


Appliance-name kernel:[34026.139671] DIGSIG MODULE - digest matched against database

Appliance-name kernel:[34026.139671] DIGSIG MODULE - digest matched against database

Appliance-name kernel:[34026.139671] DIGSIG MODULE - digest matched against database

Appliance-name kernel:[34026.139671] DIGSIG MODULE - digest matched against database

Appliance-name kernel:[34026.139671] DIGSIG MODULE - digest matched against database

Appliance-name kernel:[34026.139671] DIGSIG MODULE - digest matched against database

Appliance-name kernel:[34026.139671] DIGSIG MODULE - digest matched against database


Syslog flood is not an issue. i.e. Veriexec is doing its job to check all executables for one time. This is seen only during enabling verified-execution via secure-mode, where verified-execution module is checking the hashes of known Versa executables and libraries against the database

Bug-ID: 104237
Description: Do not flood syslog when secure mode is enabled for veriexec and only log if there is an issue.


workaround:


sudo sed -i "s/ENABLE_VERIEXEC=1/ENABLE_VERIEXEC=0/" /opt/versa/scripts/flexvnf-prestart.sh


Issue is fixed starting kernel 5.4.0-170