Re: performance questions
On Friday, September 30, 2011 10:20:43 AM LC Bruzenak wrote:
On Fri, 2011-09-30 at 09:20 -0400, Steve Grubb wrote:
> On Thursday, September 29, 2011 11:33:09 AM LC Bruzenak wrote:
...
> You might try this:
...
> - _get_exename(exename, sizeof(exename));
> + if (exename[0] == 0)
> + _get_exename(exename, sizeof(exename));
>
> if (tty == NULL)
>
> tty = _get_tty(ttyname, TTY_PATH);
>
> else if (*tty == 0)
Well, we could (and then it would work like the others) but we really
want to store the exename I think. Isn't that what becomes
"exe=<EXEPATH>" in the event?
It does. You can strace it. :)
> We can probably use the return value of fprintf() +1 (for the
NULL byte)
> and just keep the running total in memory.
Oh, right. That would be more precise. Good idea!
Since we're looking, what about the fstatfs in check_disk_space? Any
thoughts on that one?
Probably can't get rid of that one. Many times people don't separate the audit
directory to its own partition. So, we wind up sharing space with /var/log/messages
which anyone can write to. Even if we had it exclusively, sometimes there is a cron
job that might come and grab files for archiving in which case an internal count would
be off.
-Steve