RE: process accounting

From: Small, Jim (jim.small_at_eds.com)
Date: 05/30/03

  • Next message: Petty, Robert: "Linux firewall/IDS/NAT suggestions"
    To: focus-linux@securityfocus.com
    Date: Thu, 29 May 2003 19:33:22 -0400
    
    

    Well it depends on how you do it. With Solaris' BSM, the performance
    penalty is 5-10%. IMHO, peanuts compared to the wealth of information you
    can obtain from logging execs. Not just for malicious acts, but also for
    honest mistakes when people are sure what they did or what happened.

    <> Jim

    -----Original Message-----
    wouldn't there be a big overhead if you log every execve() call ?


  • Next message: Petty, Robert: "Linux firewall/IDS/NAT suggestions"