TrustedBSD Audit Project
Stephanie Wehner
_ at r4k.net
Mon Oct 8 22:03:27 GMT 2001
On Mon, Oct 08, 2001 at 02:52:28PM -0700, Gersh wrote:
> >From the mail that richard had sent out I rember a section saying
> something like.
>
> "The audit record has to be stored, or else the event cannot take
> place". I would assume that this means we have to be able to write the
> record to disk before the action can be allowde to take place.
>
> Im not sure what kind of performence impacts this will have.
If you actually have to, say, 'commit' to some form of stable storage before
proceeding, performance impacts are quite immense. Although I take it that
requirements are not that hard, eg Robert's audit patch uses a /dev/audit
which is read by a userland process and doesn't do this either.
I might be mistaken though, that's why I was asking :)
bye,
Stephanie
--<> _ at r4k.net <>-------<> HAL 2001 - http://www.hal2001.org <>---
#16 - Anime Law of Inverse Accuracy
The accuracy of a 'Good Guy' when operating any form of fire-arm
increases as the difficulty of the shot increases. The accuracy of the
'Bad Guys' when operating fire-arms decreases when the difficulty of
the shot decreases.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-audit" in the body of the message
More information about the trustedbsd-audit
mailing list