HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Legacy
- >
- Operating System - Tru64 Unix
- >
- performance hit of turning on auditing
Operating System - Tru64 Unix
1828252
Members
3519
Online
109975
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-29-2004 07:53 AM
03-29-2004 07:53 AM
performance hit of turning on auditing
I'm looking for a ball park idea of how much of a penalty turning on auditing will do to the system. I'm talking about auditing to it's furthest extent. Any percentages? 10%? 20%?
This is on a DB server running Tru64 v5.1b in a cluster.
This is on a DB server running Tru64 v5.1b in a cluster.
4 REPLIES 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-29-2004 08:35 AM
03-29-2004 08:35 AM
Re: performance hit of turning on auditing
Why do you want to turn on all auditing? Normally that would only be used for a short time to debug a specific problem. You would not only have the performance issues (which I don't think would be that big), but you would use up disk space at an incredible rate. Full auditing audits all syscalls that happen on the system.
If you turn on a more reasonable subset of auditing, i.e. the Server or Timesharing profile, the performance hit is small enough it is pretty much unmeasurable. Then you can always turn on all auditing only when you have a need for it.
If you turn on a more reasonable subset of auditing, i.e. the Server or Timesharing profile, the performance hit is small enough it is pretty much unmeasurable. Then you can always turn on all auditing only when you have a need for it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-29-2004 09:03 AM
03-29-2004 09:03 AM
Re: performance hit of turning on auditing
Here is what I am required to audit system wide:
1. Log on attempts (successful and unsuccessful)
2. Security Administration and other Priviledged user activity.
3. End user activity, such as the initiation of transactions, sending of messages, etc.
4. The transport and/or manipulation of commands, data and other events between applications
5. All authorization
Do you think I could get away with less than full auditing for this stuff?
1. Log on attempts (successful and unsuccessful)
2. Security Administration and other Priviledged user activity.
3. End user activity, such as the initiation of transactions, sending of messages, etc.
4. The transport and/or manipulation of commands, data and other events between applications
5. All authorization
Do you think I could get away with less than full auditing for this stuff?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-30-2004 05:10 AM
03-30-2004 05:10 AM
Re: performance hit of turning on auditing
Eric,
You certainly don't have to turn on auditing fully to get what you need, but it might take some work to figure out exactly what your audit configuration should be.
I'd start with the Timesharing or Timesharing extended audit profile and see if that meets your needs. You could always add additional syscalls and/or files to be audited if necessary to meet your requirements.
There's information on configuring audit in the Security manual (Security Administration manual for V5.1B) as well as the auditmask and auditd man pages.
Ann
You certainly don't have to turn on auditing fully to get what you need, but it might take some work to figure out exactly what your audit configuration should be.
I'd start with the Timesharing or Timesharing extended audit profile and see if that meets your needs. You could always add additional syscalls and/or files to be audited if necessary to meet your requirements.
There's information on configuring audit in the Security manual (Security Administration manual for V5.1B) as well as the auditmask and auditd man pages.
Ann
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-30-2004 05:32 AM
03-30-2004 05:32 AM
Re: performance hit of turning on auditing
OK- I'll take a look at that. It sounds like our previous assumption that the performance impact would be too great is not true anymore. Thanks for your input!
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Support
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP