
Higher network latency after install auditbeat #34021

Open


Higher network latency and higher CPU usage after installing auditbeat.
Is there any solution to reduce network latency and CPU usage?

Here is my config file
auditbeat.yml

rate_limit: 1024
backlog_limit: 2048
max_procs: 2
mem:
  events: 512
  flush.min_events: 256
  flush.timeout: 1s
processors:
  - drop_event:
      a lot of equals conditions

audit.rules

-a always,exit -F arch=b32 -F a2!=0x6E -F uid!=chrony -S connect -k conn
-a always,exit -F arch=b64 -F a2!=0x6E -F uid!=chrony -S connect -k conn
-a exit,always -F arch=b64 -S execve -F auid!=4294967295 -k root_command
-a exit,always -F arch=b32 -S execve -F auid!=4294967295 -k root_command
-a exit,always -F arch=b64 -F euid>=1000 -S execve -k user_command
-a exit,always -F arch=b32 -F euid>=1000 -S execve -k user_command
-w /tmp -p x -k suspect_activity
-a always,exit -F path=/usr/bin/python -F perm=x -F auid>=500 -F auid!=4294967295 -k suspect_activity
-a always,exit -F path=/usr/bin/python -F perm=x -F auid=0 -F auid!=4294967295 -k suspect_activity

Some metrics: [screenshots 20221212-201740 and Lark20221212-202242]
