Thanks a lot.
It seems that I need some benchmark tool.
On Thu, Aug 29, 2013 at 2:02 PM, Nathaniel Husted <nhusted(a)gmail.com> wrote:
While obviously not extremely thorough a research group I'm
involved in
has looked at the performance impact of Audit though in this case specific
to Android mobile devices on ARM. Check the section at the end of page 4.
https://www.usenix.org/system/files/conference/tapp13/tapp13-final11.pdf
Cheers,
Nathaniel
On Thu, Aug 29, 2013 at 4:24 PM, Steve Grubb <sgrubb(a)redhat.com> wrote:
> On Thursday, August 29, 2013 12:59:33 PM zhu xiuming wrote:
> > Has someone done some work related to the performance impact of enabling
> > auditd on syscalls watching?
>
> Yes, long ago.
>
http://people.redhat.com/sgrubb/files/lspp-perf.tar.gz
>
> Short story is watches were undistinguishable from cache hit/misses and
> syscall auditing gets more impact as more rules get added and based on how
> complicated the rule is. CPU's have changed so much since I did the
> benchmarking that I won't even hazard a guess as to what the performance
> hit
> is on current hardware with current kernel.
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/linux-audit
>
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit