On Thursday, August 29, 2013 12:59:33 PM zhu xiuming wrote:
> Has someone done some work related to the performance impact of enabling
> auditd on syscalls watching?

Yes, long ago.
http://people.redhat.com/sgrubb/files/lspp-perf.tar.gz
Short story is watches were undistinguishable from cache hit/misses and
syscall auditing gets more impact as more rules get added and based on how
complicated the rule is. CPUs have changed so much since I did the
benchmarking that I won't even hazard a guess as to what the performance hit
is on current hardware with a current kernel.
-Steve