Fwd: Audit / Netlink slowness
Timothy R. Chavez
tinytim at us.ibm.com
Tue Jun 14 14:45:37 UTC 2005
Just passing this down the grapevine...
-tim
On Tuesday 14 June 2005 02:50, Jerone Young wrote:
> ---------- Forwarded message ----------
> From: Bernardo Innocenti <bernie at develer.com>
> Date: Jun 14, 2005 2:04 AM
> Subject: Audit / Netlink slowness
> To: fedora-devel-list at redhat.com
>
>
> Hello,
>
> on a server running kernel 2.6.11-1.1369_FC4, both ssh
> and su where taking a longish amount of time (over >1.5 sec.)
>
> Running "strace -r 2>strace.out su", I discovered that
> netlink communication is the major cause of slowdown.
>
> "su" connects to a NETLINK_AUDIT socket 3 or 4 times.
> Each time it does 2 sendto() + recvfrom() operations,
> with a latency of ~200ms. This adds up to 800ms wasted
> time.
>
> Disabling CONFIG_AUDIT in the kernel makes su and ssh
> very fast again.
>
> Is this behavior to be expected? CONFIG_AUDIT is enabled
> by default, therefore many people are going to be hit by
> this problem.
>
> --
> // Bernardo Innocenti - Develer S.r.l., R&D dept.
> \X/ http://www.develer.com/
>
> --
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-devel-list
>
>
More information about the Linux-audit
mailing list