How to recover error - Audit error: dispatch err (pipe full) event lost

How to recover error - Audit error: dispatch err (pipe full) event lost?

Solution Unverified - Updated -

Environment

  • Red Hat Enterprise Linux 7.3

Issue

  • Log file /var/log/messages showing audit error as below -

    dispatch err (pipe full) event lost
    dispatch err (pipe full) event lost
    dispatch err (pipe full) event lost
    dispatch err (pipe full) event lost
    dispatch err (pipe full) event lost
    dispatch err (pipe full) event lost
    dispatch err (pipe full) event lost
    dispatch err (pipe full) event lost
    dispatch err (pipe full) event lost
    dispatch err (pipe full) event lost
    dispatch error reporting limit reached - ending report notification.
    

Resolution

  • Edit /etc/audit/auditd.conf and set the value of disp_qos=lossy setting to disp_qos=lossless

    cat /etc/audit/auditd.conf  | grep disp_qos
    disp_qos=lossless 
    

Root Cause

  • The reason behind this error is that program is not pulling the events from the audit daemon fast enough.
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
RHCS6: Debug and test multicast traffic between two hosts
Viewed 6644 times since Sun, Jun 3, 2018
“Too many authentication failures” with SSH
Viewed 6038 times since Mon, May 21, 2018
Fedora 32: Simple Local File-Sharing with Samba CIFS Linux
Viewed 8814 times since Sun, Dec 6, 2020
stunnel Securing telnet connections with stunnel
Viewed 1492 times since Sun, Dec 6, 2020
RHCS6: Luci - the cluster management console
Viewed 3210 times since Sun, Jun 3, 2018
What Is /dev/shm And Its Practical Usage
Viewed 7981 times since Tue, Mar 12, 2019
Linux LVM recovery
Viewed 17737 times since Wed, Jan 23, 2019
Turbocharge PuTTY with 12 Powerful Add-Ons – Software for Geeks #3
Viewed 14618 times since Sun, Sep 30, 2018
LVM: Extend an existing Logical Volume / Filesystem
Viewed 2459 times since Sat, Jun 2, 2018
Logowanie za pomocą kluczy Secure Shell
Viewed 2953 times since Thu, May 24, 2018