2down vote There is multiple solution: To lengthen the backlog, add or edit /etc/audit/audit.rules by adding or editing "-b 320" to "-b 8192". change the priority by editing priority_boost from 3 to 4 or 5 in /etc/audit/auditd.conf. To find out about what problem cause this issue, run aureport --start today or aureport --start today --event --summary -i Book traversal links for Server locking up audit , /var/log/messages reports “backlog limit exceeded” ‹ SShd 設定 Up Web server hardware ›
