max number of rules?
Peter Moody
pmoody at google.com
Mon Aug 27 18:02:24 UTC 2012
Does anyone know the number of audit rules that can be installed on a
system before having to traverse the list of rules on every syscall
starts to take a noticeable amount of time? I'm assuming no rules that
generate excessive logs, so nothing like '-a exit,always -S execve' or
'-a exit,always -S open'.
Cheers,
peter
--
Peter Moody Google 1.650.253.7306
Security Engineer pgp:0xC3410038
More information about the Linux-audit
mailing list