Home » Categories » Linux

How to recover error - Audit error: dispatch err (pipe full) event lost

Article Number: 633 | Rating: Unrated | Last Updated: Tue, Aug 6, 2019 3:25 PM

How to recover error - Audit error: dispatch err (pipe full) event lost?

Solution Unverified - Updated -
English

Environment

  • Red Hat Enterprise Linux 7.3

Issue

  • Log file /var/log/messages showing audit error as below -

    Raw
    dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch error reporting limit reached - ending report notification.

Resolution

  • Edit /etc/audit/auditd.conf and set the value of disp_qos=lossy setting to disp_qos=lossless

    Raw
    cat /etc/audit/auditd.conf  | grep disp_qos
disp_qos=lossless

Root Cause

  • The reason behind this error is that program is not pulling the events from the audit daemon fast enough.
Posted - Tue, Aug 6, 2019 3:25 PM. This article has been viewed 26239 times.
Filed Under: Linux
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
stunnel How To Set Up an SSL Tunnel Using Stunnel on Ubuntu
Viewed 1889 times since Sun, Dec 6, 2020
20 Linux YUM (Yellowdog Updater, Modified) Commands for Package Management YUM
Viewed 11461 times since Thu, Oct 25, 2018
RHEL: Reinstalling Boot Loader on the Master Boot Record (MBR)
Viewed 3537 times since Sun, May 27, 2018
Tunnel SSH Connections Over SSL Using ‘Stunnel’ On Debian 7 / Ubuntu 13.10
Viewed 3463 times since Fri, Sep 28, 2018
LVM: Rename root VG/LV
Viewed 7796 times since Sat, Jun 2, 2018
Enabling or disabling a repository using Red Hat Subscription Management
Viewed 10276 times since Mon, Oct 29, 2018
Learn how to align an SSD on Linux
Viewed 12678 times since Fri, May 15, 2020
HP-UX - Stunnel Configuration
Viewed 2520 times since Fri, Sep 28, 2018
RHEL: Route network packets to go out via the same interface they came in
Viewed 3268 times since Sat, Jun 2, 2018
logrotate - rotates, compresses, and mails system logs.
Viewed 1862 times since Fri, Nov 30, 2018