praudit could go faster
cmd - userland programs
Running praudit against audit logs can take forever. We should try and speed it up.
Updated by Joshua Clulow over 1 year ago
The analysis provided in the original review e-mail thread is useful, and I've reproduced some of it here for prosperity:
The driver here is that running praudit takes *forever*. And particularly as I'm running on AWS where we pay for the cyles... There are 2 changes here that dramatically improve performance. Original test time was 11.3s 1. Remove fflush() This is a big win, test time goes to 4.1s 2. Cache uid/gid lookups. The code here comes straight out of ls.c. On its own, test time drops to 8.3s Combined, we get down to 1.5s. That's a huge speedup. It's actually even better than it looks, because the uid/gid cache avoids nscd getting battered. It would also have been good to cache network address lookups, which would get down to about 0.5s. I'm avoiding that for now as (a) it's hard, and (b) I have some other potential fixes. Not to mention that I've already got a good result. I've verified that, at least on my tests, output is unchanged.
Updated by Electric Monk over 1 year ago
- Status changed from New to Closed
- % Done changed from 0 to 100
commit 99591362ae3dee1f30d3be8bc4bdca109e256eb7 Author: Peter Tribble <firstname.lastname@example.org> Date: 2018-03-10T22:27:54.000Z 9106 praudit could go faster Reviewed by: Sebastian Wiedenroth <email@example.com> Reviewed by: Sanjay Nadkarni <firstname.lastname@example.org> Approved by: Joshua M. Clulow <email@example.com>