₳Ⱡ₥Ø₲

Results: 35 comments by ₳Ⱡ₥Ø₲

No, I'm sorry, are you saying there can't be a fix in laurel? Also, if that speculation is correct, I should see more events per second in that gap rather...

@hillu we are also seeing SELinux msgs about laurel trying to get rpm info for files, for many random files for example; it doesn't seem to affect laurel though... I...

Yes, they appear in AVC and also SELinux troubleshoot; I will post them next week.

Hello @hillu, we checked an option to change q_depth of audispd (RHEL 7) and it might fix the error of pipe full, but afterwards we still encountered logs that laurel...

I'll come back to you with an answer. Regarding q_depth, doesn't it fix the buffer size you mentioned before?

I am using the SELinux policy in the git; the permissive type is included there with a comment about removing it only if there are no AVCs.

Memory-mapped files similar to dump_files in volatility2 and filescan to scan FILE_OBJECT in memory

@PNW-Hacker is pagecache the equivalent of filescan in volatility2? If not, then what is the alternative?

@gcmoreira what @PNW-Hacker commented above is right.