Benchmarking the performance impact of auditd
zhu xiuming
xiumingzhu at gmail.com
Thu Aug 29 22:48:23 UTC 2013
Thanks a lot.
It seems that I need some benchmark tool.
On Thu, Aug 29, 2013 at 2:02 PM, Nathaniel Husted <nhusted at gmail.com> wrote:
> While obviously not extremely thorough a research group I'm involved in
> has looked at the performance impact of Audit though in this case specific
> to Android mobile devices on ARM. Check the section at the end of page 4.
>
> https://www.usenix.org/system/files/conference/tapp13/tapp13-final11.pdf
>
> Cheers,
> Nathaniel
>
>
> On Thu, Aug 29, 2013 at 4:24 PM, Steve Grubb <sgrubb at redhat.com> wrote:
>
>> On Thursday, August 29, 2013 12:59:33 PM zhu xiuming wrote:
>> > Has someone done some work related to the performance impact of enabling
>> > auditd on syscalls watching?
>>
>> Yes, long ago.
>> http://people.redhat.com/sgrubb/files/lspp-perf.tar.gz
>>
>> Short story is watches were undistinguishable from cache hit/misses and
>> syscall auditing gets more impact as more rules get added and based on how
>> complicated the rule is. CPU's have changed so much since I did the
>> benchmarking that I won't even hazard a guess as to what the performance
>> hit
>> is on current hardware with current kernel.
>>
>> -Steve
>>
>> --
>> Linux-audit mailing list
>> Linux-audit at redhat.com
>> https://www.redhat.com/mailman/listinfo/linux-audit
>>
>
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20130829/a6ee7278/attachment.htm>
More information about the Linux-audit
mailing list