Home » Categories » Linux

How to recover error - Audit error: dispatch err (pipe full) event lost

Article Number: 633 | Rating: Unrated | Last Updated: Tue, Aug 6, 2019 3:25 PM

How to recover error - Audit error: dispatch err (pipe full) event lost?

Solution Unverified - Updated -
English

Environment

  • Red Hat Enterprise Linux 7.3

Issue

  • Log file /var/log/messages showing audit error as below -

    Raw
    dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch error reporting limit reached - ending report notification.

Resolution

  • Edit /etc/audit/auditd.conf and set the value of disp_qos=lossy setting to disp_qos=lossless

    Raw
    cat /etc/audit/auditd.conf  | grep disp_qos
disp_qos=lossless

Root Cause

  • The reason behind this error is that program is not pulling the events from the audit daemon fast enough.
Posted - Tue, Aug 6, 2019 3:25 PM. This article has been viewed 24265 times.
Filed Under: Linux
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Linux Linux Network Statistics Tools / Commands
Viewed 8704 times since Mon, Sep 21, 2020
INSTALACJA MIB SNMP W SYSTEMIE CENTOS/RHEL 6
Viewed 12631 times since Fri, Nov 30, 2018
Logrotate Example for Custom Logs
Viewed 2291 times since Sun, Jan 12, 2020
Zabijanie wszystkich procesów użytkownika
Viewed 2382 times since Thu, May 24, 2018
RHCS6: Mirror/unmirror a GFS2 volume
Viewed 4909 times since Sun, Jun 3, 2018
Jak ustawić LVM, jak robić snapshoty oraz automatycznie powiększać LV, czyli małe howto
Viewed 4213 times since Sun, May 20, 2018
10 Linux cryptsetup Examples for LUKS Key Management (How to Add, Remove, Change, Reset LUKS encryption Key)
Viewed 4817 times since Tue, Jul 31, 2018
SSH Essentials: Working with SSH Servers, Clients, and Keys
Viewed 3984 times since Wed, Jun 27, 2018
CentOS / RHEL : How to move a Volume Group from one system to another
Viewed 3010 times since Mon, Jan 28, 2019
An easier way to manage disk decryption at boot with Red Hat Enterprise Linux 7.5 using NBDE
Viewed 6866 times since Mon, Aug 6, 2018