[PATCH] audit: optionally print warning after waiting to enqueue record
Paul Moore
paul at paul-moore.com
Wed Jun 24 00:15:59 UTC 2020
On Thu, Jun 18, 2020 at 8:30 PM Richard Guy Briggs <rgb at redhat.com> wrote:
> On 2020-06-18 23:48, Max Englander wrote:
> > In case you’re any more receptive to the idea, I thought I’d mention
> > that the need this patch addresses would be just as well fulfilled if
> > wait times were reported in the audit status response along with other
> > currently reported metrics like backlog length and lost events. Wait
> > times could be reported as a cumulative sum, a moving average, or in
> > some other way, and would help directly implicate or rule out backlog
> > waiting as the cause in the event that an admin is faced with debugging
> > degraded kernel performance. It would eliminate the need for a new flag,
> > and fit well with the userspace tooling approach you suggested above.
>
> Such as is captured in this upstream issue from 3 years ago:
>
> https://github.com/linux-audit/audit-kernel/issues/63
> "RFE: add kernel audit queue statistics"
I would be more open to the idea of reporting queue statistics as part
of the audit status information, or similar.
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list