[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: expected performance hit for logging all execve's?



On Friday, January 20, 2012 03:06:13 PM Peter Moody wrote:
> I'm trying to run some tests so I can find locally relevant numbers,
> but I was wondering if you had any idea what sort of performance hit
> I'd be incurring by logging every successful execve.
> 
> To be sure, I consider this a bad idea and I'm actually looking to
> disuade people of it.

It is a bad idea. Think of shell scripting.You can get 100s of execve's for just 
one command on a command line. You'll never find what you think you wanted. I 
think we did some testing over 5 years ago. There was a micro-benchmark here:

http://people.redhat.com/sgrubb/files/lspp-perf.tar.gz

I think it was testing the access syscall. But you can substitute what you want. 
I have not benchmarked the audit system in years.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]