Auditd
Fix for crashing under heavy logging
Check
Check the current behavior with auditctl -s and look at the value of the failure field:
| Value | Action | Description |
|---|---|---|
| 0 | Silent | No report is made on critical errors (Silent failure). |
| 1 | Printk | Default setting. Prints a critical error message to the system log. |
| 2 | Panic | Triggers a kernel panic and halts the system. This is used in high-security environments to ensure no unrecorded activity occurs. |
Example
Find the rules file where the failure mode is currently set to something other than 1, such as /etc/audit/rules.d/custom.rules, and change the line to:
-f 1
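
The check-and-change steps above as shell functions, added here as an example and not part of the original note. The names find_failure_mode, set_failure_printk and demo are hypothetical, and the default rules directory is an assumption.

```sh
#!/bin/sh
# Added example: locate and correct auditd failure-mode (-f) settings.
# Function names and the default directory are assumptions for illustration.

# Print "file:line:value" for each active "-f N" with N != 1 under DIR.
# Returns 0 when at least one such setting exists, 1 when none do.
find_failure_mode() {
    dir=${1:-/etc/audit/rules.d}
    found=1
    for f in "$dir"/*.rules; do
        [ -f "$f" ] || continue
        hits=$(awk -v file="$f" '
            /^[ \t]*#/ { next }            # ignore commented-out rules
            { for (i = 1; i < NF; i++)     # -f may share a line with other options
                  if ($i == "-f" && $(i + 1) != "1")
                      printf "%s:%d:%s\n", file, NR, $(i + 1) }
        ' "$f")
        if [ -n "$hits" ]; then printf '%s\n' "$hits"; found=0; fi
    done
    return "$found"
}

# Rewrite every active "-f N" in FILE to "-f 1" (printk); comments are kept.
# Copies back through a temp file so the original owner and mode survive.
set_failure_printk() {
    tmp=$(mktemp) || return 1
    if awk '
        /^[ \t]*#/ { print; next }
        { for (i = 1; i < NF; i++) if ($i == "-f") $(i + 1) = "1"; print }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample input: a panic setting plus a commented-out one.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# -f 0' '-b 8192' '-f 2' > "$d/custom.rules"
    find_failure_mode "$d"
    set_failure_printk "$d/custom.rules"
    find_failure_mode "$d" || echo "no failure mode other than 1 remains"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

After editing a rules file, reload the rules (for example with augenrules --load) and confirm the result with auditctl -s.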