You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register
Skip to content
  • Register

    • Message "audit: kauditd hold queue overflow" is reported during boot”

    in Linux

    Applies To:

    Oracle Cloud Infrastructure

    Oracle Linux

    Symptoms:

    The following message appears during boot while using the boot parameter audit=1:[ 5.563805] audit: kauditd hold queue overflowCause:The audit=1 boot parameter enables a kernel auditing subsystem that ensures all processes that run before the audit daemon starts are marked as auditable by the kernel. Not using audit=1 will make a few processes impossible to properly audit.

    This is documented in the auditd manpage:

    $ man auditd

    [...]

    NOTES

           A boot param of audit=1 should be added to ensure that all processes that run before the audit daemon starts is marked as auditable by the kernel. Not doing that will make a few processes impossible to properly audit.
    Tagged:

    Howdy, Stranger!

    Log In

    To view full details, sign in.

    Register

    Don't have an account? Click here to get started!