[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Another question - audit_lost



Hi,
I set audit_backlog to 1024, and the logging flag to 0 (ignore).
still under heavy load I get:

audit: audit_lost=390 audit_backlog=3 audit_rate_limit=0
audit_backlog_limit=1024
[... other messages ...]
audit: audit_lost=702 audit_backlog=2 audit_rate_limit=0
audit_backlog_limit=1024
audit: audit_lost=703 audit_backlog=1 audit_rate_limit=0
audit_backlog_limit=1024
[... other messages ...]
audit: audit_lost=870 audit_backlog=24 audit_rate_limit=0
audit_backlog_limit=1024
[... more audit_lost messages ...]
audit: audit_lost=892 audit_backlog=2 audit_rate_limit=0
audit_backlog_limit=1024

This is around 30 lost audit events reported to syslog despite I
disabled this, the backlog is high enough and auditd is running (it
gets 102k lines in the first 60 seconds of my system startup)

Greetings,
Erich Schubert
--
    erich@(mucl.de|debian.org)      --      GPG Key ID: 4B3A135C    (o_
  To understand recursion you first need to understand recursion.   //\
  Wo befreundete Wege zusammenlaufen, da sieht die ganze Welt für   V_/_
        eine Stunde wie eine Heimat aus. --- Herrmann Hesse


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]