Re: overhead of auditd
Hello,
On Thursday, July 11, 2019 11:23:45 PM EDT 杨海 wrote:
Turning on all system calls in audit.rules, and transferring a tar
file to
the target system (CentOS 7, 4 cores), I found "auditd" consumes high CPU
usage. Is it expected?
It would not be surprising. Some system calls have more overhead than others.
So, depending on everything that is running, you can kill your system.
BTW, after turning write-logs off, and add dispatcher, both
"audispd" and
"auditd" are consuming high CPU.
They have a lot of events to handle.
-Steve