All: I'm getting several hundred of these each day on my servers. I'm using remote logging to a central sever via the audisp-remote plugin. I've seen recommendations to up the following setting in audispd.conf to help minimize these errors: priority_boost = 8 This seems to raise the priority of the audispd daemon, but I'm also using audisp-remote to a central log servers. This setting doesn't seem to effect the priority of the remote plugin, as evidenced for the following output from the top command: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 13498 root 11 -4 10096 844 684 S 0.0 0.0 0:00.01 audisp-remote 13497 root 3 -12 16268 768 624 S 0.0 0.0 0:00.00 audispd 13495 root 11 -4 27352 868 588 S 0.0 0.0 0:00.00 auditd For the priority boost to be fully effective wouldn't it have to apply to the plugins as well? Is there a way to boost priority on audisp-remote? If not, should there be a way to do this or should it be automatic? Also are there any other settings that can be made to minimize/eliminate dropped events from audispd? I'm curious about the following: * Audispd.conf: q_depth * Audisp-remote.conf: queue_depth How do these two relate to each other, should they be the same, or some specific ratio... etc? Thanks in advance for any suggestions on this. Best Regards, Jim Richard