Measurements on busy systems with `log_format=RAW` vs. `log_format=ENRICHED` suggest that auditd(8) spends about half its CPU time on interpreting and adding simple numeric values (such as syscall, uid, gid) to the audit log. Perhaps we can do better.
I have implemented such enrichment and found the combination of auditd (logformat=RAW), audisp, LAUREL to consume slightly less CPU than auditd (logformat=ENRICHED), audisp, LAUREL + enrichment patch.
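What this kind of enrichment does to a single record, as an added example (not code from auditd, LAUREL or the patch mentioned above): numeric syscall, uid and gid values are resolved and appended after a 0x1D separator, following the layout of auditd's ENRICHED format. The lookup tables, the sample record, the `unknown(N)` fallback and all function names are constructed for illustration.

```rust
use std::collections::HashMap;
// Constructed stand-ins for the syscall table and the passwd/group databases.
struct Tables {
    syscalls: HashMap<u32, &'static str>,
    users: HashMap<u32, &'static str>,
    groups: HashMap<u32, &'static str>,
}

fn sample_tables() -> Tables {
    Tables {
        syscalls: HashMap::from([(59, "execve"), (257, "openat")]),
        users: HashMap::from([(0, "root"), (1000, "alice")]),
        groups: HashMap::from([(0, "root"), (1000, "alice")]),
    }
}

// Resolve a uid/gid; 4294967295 is the kernel's "not set" value (seen in auid).
fn id_name(map: &HashMap<u32, &'static str>, id: u32) -> String {
    match map.get(&id) {
        _ if id == u32::MAX => "\"unset\"".to_string(),
        Some(name) => format!("\"{}\"", name),
        None => format!("\"unknown({})\"", id), // fallback chosen for this example
    }
}

// Append interpreted fields after 0x1D; the raw record itself is left untouched.
fn enrich(raw: &str, t: &Tables) -> String {
    let mut extra: Vec<String> = Vec::new();
    for field in raw.split_whitespace() {
        let Some((key, value)) = field.split_once('=') else { continue };
        let Ok(n) = value.parse::<u32>() else { continue }; // skips arch=c000003e etc.
        let name = match key {
            "syscall" => t.syscalls.get(&n).map(|s| s.to_string()),
            "auid" | "uid" | "euid" => Some(id_name(&t.users, n)),
            "gid" | "egid" => Some(id_name(&t.groups, n)),
            _ => None,
        };
        if let Some(name) = name {
            extra.push(format!("{}={}", key.to_uppercase(), name));
        }
    }
    if extra.is_empty() { return raw.to_string(); }
    format!("{}\x1d{}", raw, extra.join(" "))
}

// Constructed sample record, not taken from a real system.
const SAMPLE: &str = "type=SYSCALL msg=audit(1700000000.123:42): arch=c000003e syscall=59 success=yes exit=0 auid=4294967295 uid=1000 gid=1000 euid=0 egid=0";
fn main() {
    println!("{:?}", enrich(SAMPLE, &sample_tables()));
}
```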