Fw: Audit record emission
Chris Wright
chrisw at osdl.org
Fri May 6 15:52:31 UTC 2005
* Steve Grubb (sgrubb at redhat.com) wrote:
> On Thursday 05 May 2005 17:34, Chris Wright wrote:
> > I always get drops with the following simple setup (default auditd.conf):
> <snip>
> > It's pathological, but always overloads the system which is useful for
> > testing.
>
> FWIW, I ran this for hours and had no lost messages. I tested with a backlog
> of 1024 & priority_boost of 3.

Good to know. I've always left the backlog at 64 (but then again, I was
usually trying to trigger the overflow).

thanks,
-chris