Occasional delayed output of events

Paul Moore paul at paul-moore.com
Wed Jan 20 22:50:23 UTC 2021


On Wed, Jan 20, 2021 at 1:38 AM Burn Alting <burn.alting at iinet.net.au> wrote:
> All,
>
> How is the following for a way forward?
>
> a. I will author a patch to the user space code to correctly parse this condition and submit it on the weekend. It will be via a new configuration item to auditd.conf just in case placing a fixed extended timeout (15-20 secs) affects memory usage for users of the auparse library. This solves the initial problem of ausearch/auparse failing to parse generated audit.
> b. I am happy to instrument whatever is recommended on my hosts at home (VMs and bare metal) to provide more information, should we want to 'explain' the occurrence, given I see this every week or two and report back.

Seems reasonable to me.

-- 
paul moore
www.paul-moore.com




