Question:

    There are some unusual messages on the MTP screen and we can now longer access the server. What can we do ?


        Answer:

    As stable as a MTP is, it may crash still and you see this kind of errors:

    audit: backlog limit exceeded
    audit: audit_backlog=321 > audit_backlog_limit=320
    printk: 2 messages suppressed.
    audit_backlog=321 > audit_backlog_limit=320
    audit: audit_lost=1117 audit_rate_limit=0 audit_backlog_limit=320

    The MTP may still respond to pings, but the graphic interface will no longer be accessible.

    This is a Linux issue.
 
    Use root credentials or sudo before the commands below and do the following:

   1. Reboot the server to make it accessible.
   2. As soon as it reboots and we have access to the OS, then run this command :
       vim /etc/audit/rules.d/audit.rules
   3. Press the i key to access insert mode.
   4. Go down to where it says -b 320
   5. Using your keyboard, change the 320 to 1892.
   6. Press the Esc key.
   7. Then type :wq

   By now, you should be able to get the MTP operational.

  There is still a need to figure out what is flooding the audit log.
  Run these commands (without the quotes) :

  "aureport --start today"
  or
  "aureport --start today --event --summary -i"
 
  and try to find some hints of what happened.


        Additional Information:

  1. Server locking up, /var/log/messages reports “backlog limit exceeded”

  2. How to recover a crashed MTP