[PATCH] audit: optionally print warning after waiting to enqueue record
Max Englander
max.englander at gmail.com
Thu Jun 25 03:34:56 UTC 2020
On Tue, Jun 23, 2020 at 08:15:59PM -0400, Paul Moore wrote:
> On Thu, Jun 18, 2020 at 8:30 PM Richard Guy Briggs <rgb at redhat.com> wrote:
> > On 2020-06-18 23:48, Max Englander wrote:
> > > In case you’re any more receptive to the idea, I thought I’d mention
> > > that the need this patch addresses would be just as well fulfilled if
> > > wait times were reported in the audit status response along with other
> > > currently reported metrics like backlog length and lost events. Wait
> > > times could be reported as a cumulative sum, a moving average, or in
> > > some other way, and would help directly implicate or rule out backlog
> > > waiting as the cause in the event that an admin is faced with debugging
> > > degraded kernel performance. It would eliminate the need for a new flag,
> > > and fit well with the userspace tooling approach you suggested above.
> >
> > Such as is captured in this upstream issue from 3 years ago:
> >
> > https://github.com/linux-audit/audit-kernel/issues/63
> > "RFE: add kernel audit queue statistics"
>
> I would be more open to the idea of reporting queue statistics as part
> of the audit status information, or similar.
>
> --
> paul moore
> www.paul-moore.com
Excellent, I'll send a v2 patch.
More information about the Linux-audit
mailing list