Benchmarking the performance impact of auditd
Nathaniel Husted
nhusted at gmail.com
Thu Aug 29 21:02:27 UTC 2013
While obviously not extremely thorough a research group I'm involved in has
looked at the performance impact of Audit though in this case specific to
Android mobile devices on ARM. Check the section at the end of page 4.
https://www.usenix.org/system/files/conference/tapp13/tapp13-final11.pdf
Cheers,
Nathaniel
On Thu, Aug 29, 2013 at 4:24 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Thursday, August 29, 2013 12:59:33 PM zhu xiuming wrote:
> > Has someone done some work related to the performance impact of enabling
> > auditd on syscalls watching?
>
> Yes, long ago.
> http://people.redhat.com/sgrubb/files/lspp-perf.tar.gz
>
> Short story is watches were undistinguishable from cache hit/misses and
> syscall auditing gets more impact as more rules get added and based on how
> complicated the rule is. CPU's have changed so much since I did the
> benchmarking that I won't even hazard a guess as to what the performance
> hit
> is on current hardware with current kernel.
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20130829/5ff5e41a/attachment.htm>
More information about the Linux-audit
mailing list