[PATCH v2] audit: report audit wait metric in audit status reply
Paul Moore
paul at paul-moore.com
Tue Dec 8 23:08:40 UTC 2020
On Mon, Dec 7, 2020 at 8:34 PM Richard Guy Briggs <rgb at redhat.com> wrote:
> On 2020-12-07 18:28, Steve Grubb wrote:
...
> > Other metrics would be good. I'd like to see a max_backlog to know if we are
> > wasting memory. It would just record the highwater mark since auditing was
> > enabled.
>
> That would be covered with this issue:
> https://github.com/linux-audit/audit-kernel/issues/63
For those who haven't clicked on the GH issue above, increasing the
queue depth doesn't result in wasted memory; memory is allocated as
needed and released when it is no longer used. Simply increasing the
backlog size doesn't increase the amount of memory used in the kernel
by audit until the backlog queues start to fill. Once the backlog is
cleared by auditd then the memory is released.
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list