M BUZZ CRAZE NEWS
// general

What's the meaning of "audit: backlog limit exceeded"

By David Jones

I have a Ubuntu Server machine running Docker containers. I have some hard drives mounted for the Docker machines to use (mainly media storage)

I installed Ubuntu Server with all defaults settings.
I have on the screen many logs appearing:

[59.959145] audit: backlog limit exceeded

The lines are appearing randomly, and I have no idea what it means...  

1 Answer

I believe this occurs when kernel kauditd thread is not being able to service the audit records fast enough and a backlog occurs. The default audit backlog is 64 audit buffers, so it may help if these are increased. This can be set to be larger using the kernel parameter "audit_backlog_limit".

For example, edit /etc/default/grub and add audit_backlog_limit=256 to the GRUB_CMDLINE_LINUX setting and run sudo update-grub to set this to 256 buffers.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

More in general

"Zoraya ter Beek, age 29, just died by assisted suicide in the Netherlands. She was physically healthy, but psychologically depressed. It's an abomination that an entire society would actively facilitate, even encourage, someone ending their own life because they had no hope. Th…"

"Absolutely my pleasure, mate. It is a really incredible piece, and if it’s not featured in Substack Reads I will immediately raise a militia and….uh….then we’ll stand around grumbling and handing out leaflets (I’m British, this is how we do over here). Magically well done. And…"