Hi,
I set audit_backlog to 1024, and the logging flag to 0 (ignore).
Still, under heavy load I get:
audit: audit_lost=390 audit_backlog=3 audit_rate_limit=0 audit_backlog_limit=1024
[... other messages ...]
audit: audit_lost=702 audit_backlog=2 audit_rate_limit=0 audit_backlog_limit=1024
audit: audit_lost=703 audit_backlog=1 audit_rate_limit=0 audit_backlog_limit=1024
[... other messages ...]
audit: audit_lost=870 audit_backlog=24 audit_rate_limit=0 audit_backlog_limit=1024
[... more audit_lost messages ...]
audit: audit_lost=892 audit_backlog=2 audit_rate_limit=0 audit_backlog_limit=1024
This is around 30 lost audit events reported to syslog even though I
disabled this, the backlog is high enough, and auditd is running (it
gets 102k lines in the first 60 seconds of my system startup).
Greetings,
Erich Schubert
--
erich(a)(mucl.de|debian.org) -- GPG Key ID: 4B3A135C (o_
To understand recursion you first need to understand recursion. //\
Where friendly paths converge, the whole world looks like V_/_
home for an hour. --- Hermann Hesse