On Mo, 02.10.17 11:25, Brad Zynda ([email protected]) wrote:

> Sep 28 13:50:03 server systemd-journal[565]: Suppressed 73244 messages
> from /system.slice/auditd.service

The question is: why does auditd even log to the journal?

> Now we are required to have full audit rules and does this look like a
> rate limiting issue or an issue of journal not able to handle the
> traffic to logging?

journald detected that it got flooded with too many messages in too short a time from auditd. If this happens then something is almost certainly off with auditd, as auditd is not supposed to flood journald with messages; after all, it maintains its own auditing log database.

Please ping the auditd folks for help.

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
