Hello, On Thursday, July 11, 2019 11:23:45 PM EDT 杨海 wrote: > Turning on all system calls in audit.rules, and transferring a tar file to > the target system (CentOS 7, 4 cores), I found "auditd" consumes high CPU > usage. Is it expected?
It would not be surprising. Some system calls have more overhead than others. So, depending on everything that is running, you can kill your system. > BTW, after turning write-logs off, and add dispatcher, both "audispd" and > "auditd" are consuming high CPU. They have a lot of events to handle. -Steve -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
