opened on Dec 12, 2022
Higher network latency and higher CPU usage after installing auditbeat
Is there any solution to reduce network latency and CPU usage?
Here is my config file:
auditbeat.yml
```yaml
rate_limit: 1024
backlog_limit: 2048
max_procs: 2
mem:
  events: 512
  flush.min_events: 256
  flush.timeout: 1s
processors:
  - drop_event:
      # a lot of equals conditions
```
audit.rules
```
-a always,exit -F arch=b32 -F a2!=0x6E -F uid!=chrony -S connect -k conn
-a always,exit -F arch=b64 -F a2!=0x6E -F uid!=chrony -S connect -k conn
-a exit,always -F arch=b64 -S execve -F auid!=4294967295 -k root_command
-a exit,always -F arch=b32 -S execve -F auid!=4294967295 -k root_command
-a exit,always -F arch=b64 -F euid>=1000 -S execve -k user_command
-a exit,always -F arch=b32 -F euid>=1000 -S execve -k user_command
-w /tmp -p x -k suspect_activity
-a always,exit -F path=/usr/bin/python -F perm=x -F auid>=500 -F auid!=4294967295 -k suspect_activity
-a always,exit -F path=/usr/bin/python -F perm=x -F auid=0 -F auid!=4294967295 -k suspect_activity
```