What's the meaning of "audit: backlog limit exceeded"

I believe this occurs when kernel kauditd thread is not being able to service the audit records fast enough and a backlog occurs. The default audit backlog is 64 audit buffers, so it may help if these are increased. This can be set to be larger using the kernel parameter "audit_backlog_limit".

For example, edit /etc/default/grub and add audit_backlog_limit=256 to the GRUB_CMDLINE_LINUX setting and run sudo update-grub to set this to 256 buffers.

Related videos on Youtube

08 : 03

What is Second Opinion Engagement in Advanced Audit and Assurance? LSBF Singapore ACCA | Daniel Chee

LSBF Singapore

415

04 : 05

What is RISK-LIMITING AUDIT? What does RISK-LIMITING AUDIT mean? RISK-LIMITING AUDIT meaning

The Audiopedia

270

01 : 30

Microsoft 365 - How to set the audit log retention policy

Quick Tech Training

261

08 : 03

How to calculate and keep product backlog health

Advance Skills Online

167

03 : 22

Share admin BM when Advertising access permanently restricted| Fix error This is our final decision

Nguyen Linh

4

Author by

Nemo

Updated on September 18, 2022