Re: BIG performance hit with auditd on large systems (>64 CPUs)

>>> your rules to put all the ones with '-F auid>=400' below a single >>> line rule >>> like this: >>> -a never,exit -F auid<400 >>> >>> and remove the '-F auid>=400' from all of the rules below it. >>> >> ... >> >> I did this, and verified it, but there was absolutely no difference >> to unsorted rules having -S all also specified >> >> Still cpu %system up to 50% and run time of jobs 100% longer. >> This was on a vm with 72 cpus >> Just to give this story some kind of closure: we got a test kernel from $SUPPORT fixing a specifig bugzilla (which seems to be private) and %cpu system is in normal (low) ranges again. So thanks for your advices, they are still heeded!