'kernel: audit: backlog limit exceeded' messages in /var/log/messages

Solution Verified - Updated -

Issue

  • /var/log/messages shows repeated messages indicating the audit_backlog was greater than the allowed limit
 kernel: audit: audit_backlog=65537 > audit_backlog_limit=65536
 kernel: audit: audit_lost=126533574 audit_rate_limit=0 audit_backlog_limit=65536

Environment

  • Red Hat Enterprise Linux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In