Re: [PATCH] audit: optionally print warning after waiting to enqueue record

On 2020-06-18 23:48, Max Englander wrote: > In case you’re any more receptive to the idea, I thought I’d mention > that the need this patch addresses would be just as well fulfilled if > wait times were reported in the audit status response along with other > currently reported metrics like backlog length and lost events. Wait > times could be reported as a cumulative sum, a moving average, or in > some other way, and would help directly implicate or rule out backlog > waiting as the cause in the event that an admin is faced with debugging > degraded kernel performance. It would eliminate the need for a new flag, > and fit well with the userspace tooling approach you suggested above. Such as is captured in this upstream issue from 3 years ago: https://github.com/linux-audit/audit-kernel/issues/63 "RFE: add kernel audit queue statistics"