Bug #9106

praudit could go faster

Added by Peter Tribble over 1 year ago. Updated over 1 year ago.

Status: Closed
Priority: Normal
Assignee:
Category: cmd - userland programs
Start date: 2018-02-13
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags: needs-triage

Description

Running praudit against audit logs can take forever. We should try and speed it up.

History

#1

Updated by Joshua M. Clulow over 1 year ago

The analysis provided in the original review e-mail thread is useful, and I've reproduced some of it here for prosperity:

The driver here is that running praudit takes *forever*. And particularly
as I'm running on AWS where we pay for the cycles...

There are 2 changes here that dramatically improve performance.

Original test time was 11.3s

1. Remove fflush()
This is a big win, test time goes to 4.1s

2. Cache uid/gid lookups. The code here comes straight out of ls.c.
On its own, test time drops to 8.3s

Combined, we get down to 1.5s. That's a huge speedup. It's actually
even better than it looks, because the uid/gid cache avoids nscd
getting battered.

It would also have been good to cache network address lookups,
which would get down to about 0.5s. I'm avoiding that for now as
(a) it's hard, and (b) I have some other potential fixes. Not to mention
that I've already got a good result.

I've verified that, at least on my tests, output is unchanged.
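
The uid caching idea from comment #1, as an added example that is not praudit's or ls.c's actual code: a small hash table in front of getpwuid() so that each uid reaches the name service (and nscd) only once. The names cached_uid_name, backend_lookups and NBUCKETS are hypothetical, and falling back to the numeric uid for unresolved ids is an assumption.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

#define NBUCKETS 64    /* assumption: small fixed-size hash table */

struct uid_ent {
    uid_t uid;
    char name[64];     /* user name, or decimal uid if unresolved */
    struct uid_ent *next;
};

static struct uid_ent *buckets[NBUCKETS];
unsigned long backend_lookups;    /* calls that actually reached getpwuid() */

/* Return the display name for uid, asking the name service at most once. */
const char *
cached_uid_name(uid_t uid)
{
    unsigned int h = (unsigned int)uid % NBUCKETS;
    struct uid_ent *e;
    struct passwd *pw;
    for (e = buckets[h]; e != NULL; e = e->next)
        if (e->uid == uid)
            return (e->name);
    if ((e = calloc(1, sizeof (*e))) == NULL)
        return ("?");
    backend_lookups++;
    if ((pw = getpwuid(uid)) != NULL)
        (void) snprintf(e->name, sizeof (e->name), "%s", pw->pw_name);
    else    /* cache failed lookups too, so unknown uids stay cheap */
        (void) snprintf(e->name, sizeof (e->name), "%lu", (unsigned long)uid);
    e->uid = uid;
    e->next = buckets[h];
    buckets[h] = e;
    return (e->name);
}

int
main(void)
{
    /* constructed sample: uids repeating as they do across audit records */
    uid_t sample[] = { 0, 0, 4000000, 0, 4000000, 0 };
    for (size_t i = 0; i < sizeof (sample) / sizeof (sample[0]); i++)
        (void) printf("%s\n", cached_uid_name(sample[i]));
    (void) printf("getpwuid calls: %lu\n", backend_lookups);
    return (0);
}
```

The six sample records cause only two getpwuid() calls; caching the unresolved uid as well matters for audit trails that reference deleted accounts.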

#2

Updated by Electric Monk over 1 year ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 99591362ae3dee1f30d3be8bc4bdca109e256eb7

commit  99591362ae3dee1f30d3be8bc4bdca109e256eb7
Author: Peter Tribble <peter.tribble@gmail.com>
Date:   2018-03-10T22:27:54.000Z

    9106 praudit could go faster
    Reviewed by: Sebastian Wiedenroth <sebastian.wiedenroth@skylime.net>
    Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
    Approved by: Joshua M. Clulow <josh@sysmgr.org>
