I am now suffered with audit : backlog limit exceeded.
I found some articles with similar situation and they said adjust audit log count with audit.rules.
Here is my audit.rules
## This file is automatically generated from /etc/audit/rules.d
-D
-b 320
I would like to change that 320 to somewhat higher, but I do not know how to set proper values. (I do not even know this value is concerned with memory or openfiles)
By watching audit.log, I assume that it records almost every command working with daemon process. I got 4 docker containers and 1 qemu VM in the machine.
A suggestion or reference will be very appreciated. I would like to set the best value to this audit, so want to prevent machine become disabled.
Thanks!
FYI, this is my memInfo
MemTotal: 65755736 kB
MemFree: 62985572 kB
MemAvailable: 63955852 kB
Buffers: 5136 kB
Cached: 1169252 kB
SwapCached: 0 kB
Active: 1198532 kB
Inactive: 750240 kB
Active(anon): 775204 kB
Inactive(anon): 8352 kB
Active(file): 423328 kB
Inactive(file): 741888 kB
Unevictable: 0 kB
Mlocked: 0 kB
SwapTotal: 29200380 kB
SwapFree: 29200380 kB
Dirty: 6708 kB
Writeback: 964 kB
AnonPages: 799520 kB
Mapped: 38752 kB
Shmem: 9140 kB
Slab: 170132 kB
SReclaimable: 60620 kB
SUnreclaim: 109512 kB
KernelStack: 8448 kB
PageTables: 39464 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 62078248 kB
Committed_AS: 17605768 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 497488 kB
VmallocChunk: 34325640552 kB
HardwareCorrupted: 0 kB
AnonHugePages: 686080 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
DirectMap4k: 139264 kB
DirectMap2M: 4026368 kB
DirectMap1G: 65011712 kB
