All,

Running Red Hat 5.4 and I have auditd turned off so that the audit logs go to /var/log/messages, this way I can forward all of the logs to a centralized log server.  Probably other ways to do this but this setup works well on our Fedora 8 machines.  Question I have is that I am getting a lot of “kernel: printk: 39 messages suppressed”  messages in the /var/log/messages file.  On fedora 8, this does not happen, everything comes through with no suppression.  Any ideas on what changed in auditing that would cause this?

Thanks!