On Monday 10 April 2006 23:51, Amy Griffis wrote:
> 1) what audit rules did you use?
I used the lspp rules to get the 1st 10, and the rest were against files
in /etc/test.
> 2) what system call(s) did you measure?
access("/usr/include", 0);
The watch rules were never triggered because I wanted to measure the overhead
where no audit events occur. The syscall exercises the file system without
doing any IO, which would complicate things, too.
-Steve
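
A timing harness for the measurement described in this message, added here as an example (it is not the code used in the original test): it times repeated `access("/usr/include", 0)` calls and reports the lowest per-call average. The iteration count, the number of trials and the function names are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for clock_gettime() */
#endif
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Monotonic clock reading in nanoseconds. */
static double now_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (double)ts.tv_sec * 1e9 + (double)ts.tv_nsec;
}

/* Average cost in ns of one access(path, F_OK) call over `iters` calls. */
static double time_access(const char *path, long iters)
{
    double start = now_ns();
    for (long i = 0; i < iters; i++)
        (void)access(path, F_OK);  /* path lookup only, no file IO */
    return (now_ns() - start) / (double)iters;
}

/* Lowest average over `trials` runs; the minimum is the figure least
 * disturbed by scheduling noise, which matters when the difference
 * being measured is small. */
double best_access_ns(const char *path, long iters, int trials)
{
    double best = -1.0;
    (void)time_access(path, iters / 10 + 1);  /* warm the dentry cache */
    for (int t = 0; t < trials; t++) {
        double ns = time_access(path, iters);
        if (best < 0.0 || ns < best)
            best = ns;
    }
    return best;
}

int main(void)
{
    /* Iteration and trial counts are assumed values, not from the message. */
    printf("access(\"/usr/include\", 0): %.1f ns/call\n",
           best_access_ns("/usr/include", 1000000, 5));
    return 0;
}
```

Run it once with no audit rules loaded and again with the rule set loaded, on an otherwise idle machine; the difference between the two figures is the per-syscall overhead when no audit event is generated.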