Home » Categories » Linux

How to recover error - Audit error: dispatch err (pipe full) event lost

Article Number: 633 | Rating: Unrated | Last Updated: Tue, Aug 6, 2019 3:25 PM

How to recover error - Audit error: dispatch err (pipe full) event lost?

Solution Unverified - Updated -
English

Environment

  • Red Hat Enterprise Linux 7.3

Issue

  • Log file /var/log/messages showing audit error as below -

    Raw
    dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch error reporting limit reached - ending report notification.

Resolution

  • Edit /etc/audit/auditd.conf and set the value of disp_qos=lossy setting to disp_qos=lossless

    Raw
    cat /etc/audit/auditd.conf  | grep disp_qos
disp_qos=lossless

Root Cause

  • The reason behind this error is that program is not pulling the events from the audit daemon fast enough.
Posted - Tue, Aug 6, 2019 3:25 PM. This article has been viewed 25281 times.
Filed Under: Linux
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
OEL 7 – How to disable IPv6 on Oracle Linux 7
Viewed 20064 times since Fri, Aug 3, 2018
How to use yum-cron to automatically update RHEL/CentOS Linux 6.x / 7.x
Viewed 4882 times since Tue, Dec 4, 2018
SSH ProxyCommand example: Going through one host to reach another server
Viewed 13414 times since Tue, Aug 6, 2019
RHEL: What is "SysRq key" and how to use it
Viewed 5125 times since Sat, Jun 2, 2018
OpenSSL: Check If Private Key Matches SSL Certificate & CSR
Viewed 2956 times since Mon, Feb 18, 2019
Linux Cluster Tutorial
Viewed 1968 times since Sat, Sep 29, 2018
debian How to check Debian CVE status using python script
Viewed 3443 times since Sun, Sep 23, 2018
Prosty skaner portów TCP w bash
Viewed 3160 times since Thu, May 24, 2018
Do you Know These 5 Use of V$session View ?
Viewed 103700 times since Thu, Jun 21, 2018
stunnel bacula
Viewed 1939 times since Fri, Sep 28, 2018