Auditd framework slowdowns (sometimes freezes) the entire system.
Paul Moore
paul at paul-moore.com
Tue Jul 21 23:02:26 UTC 2015
On Tue, Jul 21, 2015 at 2:14 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Tuesday, July 21, 2015 01:23:49 PM Kangkook Jee wrote:
>> Therefore I'm trying to use audit multicast feature you mentioned
>> (https://lwn.net/Articles/587166/). I found out that this feature is
>> recently added and I have a few questions using it.
>>
>> Q1. I've gone over journald source code and found out that it issues a
>> number of netlink socket api calls to join in multi-cast group and receive
>> datagrams. Do you support rather cleaner api to use this feature? I
>> couldn't find anything from libaudit.h.
>
> This is one for the kernel developers.
We only support the two APIs at the moment. We will be doing some
rework of the audit APIs that should improve performance, but that is
far from being ready.
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list