RE: process accounting
From: Small, Jim (jim.small_at_eds.com)
To: email@example.com Date: Thu, 29 May 2003 19:33:22 -0400
Well it depends on how you do it. With Solaris' BSM, the performance
penalty is 5-10%. IMHO, peanuts compared to the wealth of information you
can obtain from logging execs. Not just for malicious acts, but also for
honest mistakes when people are sure what they did or what happened.
wouldn't there be a big overhead if you log every execve() call ?