If you’re running a busy Linux system, you may see the following error in your Kernel logs:
“audit: backlog limit exceeded”.
To alleviate the message output in your logs, you can increase the audit buffer.
Determining the appropriate value may require some time and experimentation. As a general rule, we suggest doubling the value and then observing it’s affects. It is recommended not to set the value too high, as it may cause increased system resource usage.
Please note that the “audit: backlog limit exceeded” message is a generic message and could be a symptom of a bigger issue (most common, log writing issues due to ext4 file system issues). Further troubleshooting may be necessary.