Bug 1740798
Summary: | man auditctl(8) refers to backlog_limit in --backlog_wait_time wait_time | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Jan Pazdziora <jpazdziora> |
Component: | audit | Assignee: | Steve Grubb <sgrubb> |
Status: | CLOSED ERRATA | QA Contact: | Ondrej Moriš <omoris> |
Severity: | unspecified | Docs Contact: | |
Priority: | low | ||
Version: | 8.0 | CC: | omoris, tjaros |
Target Milestone: | rc | ||
Target Release: | 8.2 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | audit-3.0-0.14.20191104git1c2f876 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-28 16:46:58 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jan Pazdziora
2019-08-13 16:01:13 UTC
The backlog limit is directly above the --backlog_wait_time on the man page. Modified the text slightly to clarify: https://github.com/linux-audit/audit-userspace/commit/e92e4839cdc4b9b2ab49125c766e435184f19e2f audit-3.0-0.14.20191104git1c2f876 has been built to address this issue. Acceptance Criteria: * backlog limit is explained in man page. Successfully verified: OLD (audit-3.0-0.13.20190507gitf58ec40.el8) =========================================== -b backlog Set max number of outstanding audit buffers allowed (Kernel Default=64) If all buffers are full, the failure flag is consulted by the kernel for action. --backlog_wait_time wait_time Set the time for the kernel to wait (Kernel Default 60*HZ) when the backlog_limit is reached before queuing more audit events to be transferred to auditd. The number must be greater than or equal to zero and less that 10 times the default value. NEW (audit-3.0-0.15.20191104git1c2f876.el8) =========================================== -b backlog Set max number (limit) of outstanding audit buffers allowed (Kernel Default=64) If all buffers are full, the failure flag is consulted by the kernel for action. --backlog_wait_time wait_time Set the time for the kernel to wait (Kernel Default 60*HZ) when the backlog limit is reached before queuing more audit events to be transferred to auditd. The number must be greater than or equal to zero and less that 10 times the default value. Backlog limit is explained [*] in '-b' option description preceding --backlog_wait option description. [*] max number of outstanding audit buffers allowed One more nitpick to fix upstream - missing dot after "(Kernel Default=64)' (...allowed (Kernel Default=64) If...). Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1812 |