Events lost with dispatcher

[Steve Grubb]

On Wednesday 31 March 2010 03:32:33 pm Vishwanath Venkatesan wrote:
> The process is running, I get all the events in audit.log if I use  
> 'RAW' mode,

This only affects disk logging and has no effect on dispatching.

> I am losing events when using the dispatcher mode. (ex: there are 100  
> events to be received, I receive just 70)

Is there anything in syslog from auditd? What is your priority boost in 
auditd.conf and audispd.conf?

-Steve