Phenomenon description:
The Linux host cannot be reached over SSH, although it still responds to ping. The login console shows the error message audit: backlog limit exceeded, repeated continuously:
audit: backlog limit exceeded
audit: backlog limit exceeded
audit: backlog limit exceeded
audit: backlog limit exceeded
audit: backlog limit exceeded
audit: backlog limit exceeded
audit: backlog limit exceeded
audit: backlog limit exceeded
...
Cause analysis:
The message is a Linux kernel log entry. The audit service is recording audit events on a busy system and the audit buffer has become a bottleneck, which brings the system close to a crash.
Background:
Audit is a Linux service that records the low-level calls users make. It records system calls such as open and exit and writes the records to a log file. Audit rules are added or deleted with the auditctl command, and recording can be set up for a specific user or a specific process.
Main commands:
auditctl: the audit rules and system management tool, used to get the status and to add and delete monitoring rules
ausearch: the tool for querying the audit log
aureport: the tool that outputs audit system reports
Solution:
You can try to increase the audit buffer to solve this problem.
The default memory page size on Linux is 4096 bytes. You can get the page size with the command getconf PAGE_SIZE; the buffer can be set to N times the page size.
View help: auditctl -h
View the current default configuration: auditctl -s
backlog_limit 320 # my CentOS 7.1 has only 320 by default
Tune the audit service by changing the buffer size: auditctl -b 8192. If not set, the system defaults to 64 bytes.
Settings take effect permanently:
Method 1) Modify the rule configuration: vim /etc/audit/audit.rules
-D
-b 8192
-f 1
Parameter description:
-D: delete all rules
-b: set the audit buffer size. If the buffer is full, the kernel issues a failure flag
-f [0|1|2]: set the level for handling audit errors. There are three values: 0 produces no log output; 1 outputs a printk log; 2 is the highest level and outputs a large amount of log information
-e [0|1]: enable/disable audit
Method 2) You can also set it in rc.local:
chmod u+x /etc/rc.d/rc.local
vim /etc/rc.d/rc.local
auditctl -b 8192
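A check for the condition described above, as an added example that is not part of the original page: a shell function that reads auditctl -s output and reports whether the backlog is close to backlog_limit or events have already been lost. The function name, the 80% threshold and the sample status text are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: evaluate `auditctl -s` output for audit backlog pressure.
# The 80% warning threshold is an assumption of this example.

# check_audit_backlog: reads `auditctl -s` text on stdin and prints
#   "<verdict> backlog=<n> limit=<n> lost=<n>"
# Verdicts: OK, WARN (backlog >= 80% of limit), LOSING (lost > 0), UNKNOWN.
# Accepts both the "key value" per-line format and the older single-line
# "AUDIT_STATUS: key=value ..." format.
check_audit_backlog() {
    awk '
        {
            if (NF == 2 && $1 !~ /=/) kv[$1] = $2
            for (i = 1; i <= NF; i++)
                if (split($i, p, "=") == 2) kv[p[1]] = p[2]
        }
        END {
            if (!("backlog_limit" in kv) || !("backlog" in kv)) {
                print "UNKNOWN"; exit
            }
            limit = kv["backlog_limit"] + 0
            backlog = kv["backlog"] + 0
            lost = kv["lost"] + 0
            verdict = "OK"
            if (limit > 0 && backlog * 100 >= limit * 80) verdict = "WARN"
            if (lost > 0) verdict = "LOSING"
            printf "%s backlog=%d limit=%d lost=%d\n", verdict, backlog, limit, lost
        }'
}

# Constructed sample status output (not captured from a real host).
SAMPLE_BUSY='enabled 1
failure 1
pid 812
rate_limit 0
backlog_limit 320
lost 1547
backlog 319'

SAMPLE_OLD='AUDIT_STATUS: enabled=1 flag=1 pid=812 rate_limit=0 backlog_limit=320 lost=0 backlog=300'

printf '%s\n' "$SAMPLE_BUSY" | check_audit_backlog
printf '%s\n' "$SAMPLE_OLD"  | check_audit_backlog
```

On a live host, run it as root with: auditctl -s | check_audit_backlog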