To improve the kernel capacity to queue all log events, even those which occurred
prior to the audit daemon, add the argument audit_backlog_limit=8192
to the default
GRUB 2 command line for the Linux operating system.
To ensure that audit_backlog_limit=8192
is added as a kernel command line
argument to newly installed kernels, add audit_backlog_limit=8192
to the
default Grub2 command line for Linux operating systems. Modify the line within
/etc/default/grub
as shown below:
GRUB_CMDLINE_LINUX="... audit_backlog_limit=8192 ..."
Run the following command to update command line for already installed kernels:# update-grub