Occasional delayed output of events

[Lenny Bruzenak]

On 1/19/21 2:18 AM, Burn Alting wrote:

>> Anyway, my test setup isn't likely able to reproduce such a scenario
>> without some significant tweaks, so perhaps those of you who have seen
>> this problem (Burn, and anyone else?) could shed some light into the
>> state of the system when the ordering problem occurred.
>
> I tend to have a rigorous auditing posture (see the rules loaded in
> https://github.com/linux-audit/audit-userspace/issues/148) which is
> not normal for most. Perhaps, Paul, you have hit the nail on the head
> by stating that this 'severe delay' is not that unreasonable given my
> rules posture and we just need to 'deal with it' in user space.
> We still get the event data, I just need to adjust the user space
> tools to deal with this occurrence.
> As for what the system is doing, in my home case it's a Centos 7 VM
> running a tomcat service which only gets busy every 20 minutes and the
> other is a HPE Z800 running Centos 8 with 4-5 VM's mostly dormant. I
> can put any code in these hosts to assist in 'validating'/testing the
> delay. Advise and I will run.


Looking at the records which appear to be delayed (in OP), I see that
they are PATH (w/PROCTITLE). Just curious, is the path involved part of
a networked FS, or something like a VM shared directory?

Thx,

LCB

-- 
Lenny Bruzenak
MagitekLTD

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20210119/d56c5bab/attachment.htm>