Re: What does this mean from dmesg?

On Friday 21 December 2007 10:53:01 Gilbert Sebenste wrote:
> Getting lots of these when doing dmesg:
>
> audit: audit_backlog=321 > audit_backlog_limit=320
> audit: audit_lost=1700 audit_rate_limit=0 audit_backlog_limit=320
> audit: backlog limit exceeded

It means that you are getting flooded with audit events. You can increase the 
audit daemon's priority to make sure it has enough run time to empty its 
queue or lengthen the backlog.

To lengthen the backlog, edit /etc/audit/audit.rules and change the "-b 320" 
to "-b 8192". This will allocate 8192 buffers in the kernel for audit events 
instead of 320. If that doesn't do it, bump the priority by 
editing /etc/audit/auditd.conf and change "priority_boost = 3" 
to "priority_boost = 4" or 5.

But this begs the question about what is flooding your system. To find out, 
run "aureport --start today" and look around to see what kinds of things are 
happening. Maybe "aureport --start today --event --summary -i" would be 
helpful, too.

-Steve

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list
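
The check described in the reply above, as an added example that is not part of the original message or of the audit project's own code: it summarises the kernel's audit backlog messages from dmesg-style text and reads the current "-b" value from a rules file. The function names are hypothetical, and the sample lines after the first three are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names are hypothetical helpers, not audit tools.

# Summarise kernel audit backlog messages read from stdin.
# Prints: limit=<n> peak_backlog=<n> lost=<n> overflows=<n>
audit_backlog_summary() {
    awk '
        /audit:/ {
            # Walk the key=value fields; any leading dmesg timestamp is skipped
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "audit_backlog_limit") limit = kv[2] + 0
                if (kv[1] == "audit_backlog" && kv[2] + 0 > peak) peak = kv[2] + 0
                if (kv[1] == "audit_lost" && kv[2] + 0 > lost) lost = kv[2] + 0
            }
        }
        /audit: backlog limit exceeded/ { overflows++ }
        END {
            printf "limit=%d peak_backlog=%d lost=%d overflows=%d\n",
                   limit, peak, lost, overflows
        }
    '
}

# Print the last "-b <n>" setting found in an audit rules file ($1).
configured_backlog() {
    awk '$1 == "-b" { b = $2 } END { if (b != "") print b }' "$1"
}

# First three lines are quoted in the thread; the last three are constructed.
SAMPLE_DMESG='audit: audit_backlog=321 > audit_backlog_limit=320
audit: audit_lost=1700 audit_rate_limit=0 audit_backlog_limit=320
audit: backlog limit exceeded
audit: audit_backlog=322 > audit_backlog_limit=320
audit: audit_lost=1742 audit_rate_limit=0 audit_backlog_limit=320
audit: backlog limit exceeded'

printf '%s\n' "$SAMPLE_DMESG" | audit_backlog_summary

# On a live system (assumes the rules file path named in the reply):
#   dmesg | audit_backlog_summary
#   configured_backlog /etc/audit/audit.rules
```

A non-zero lost count means audit records were dropped, so the audit trail for that period is incomplete regardless of how the backlog is tuned afterwards.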
