On Monday 21 February 2005 21:38, Erich Schubert wrote: > I set audit_backlog to 1024, and the logging flag to 0 (ignore). > still under heavy load I get: Out of curiousity, what kernel & audit daemon version were you using? What were your audit rules? Did you change anything in auditd.conf? Thanks, -Steve Grubb