Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-14823

Improve performance of audit in the unaudited case

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Won't Fix
    • Affects Version/s: 2.7.4
    • Fix Version/s: None
    • Component/s: Security
    • Labels:

      Description

      Performance testing results show a 15% degradation in operation throughput when auditing is enabled, when no operations match the audit filter pattern. This is as compared to a system with access control enabled (--auth) but auditing disabled. It would be preferable to pay a much lower penalty, even at the expense of reduced throughput for operations that do match the filter.

      Mongodb cmdline:

      ./mongod --auth --logpath m1.txt (benchRun patch)
      

      Auth on (1,2,4,8,12,16 threads)

      16174.05333
      29139.19333
      53296.59333
      87804.80667
      141010.1167
      185615.9433
      

      Auth On + audit (non-matching filter, unaudited user)
      Mongodb cmdline:

       ./mongod --dbpath db/ --auth --auditDestination file --auditPath ./auditme --auditFormat BSON --setParameter auditAuthzSuccess=true --auditFilter '{ "users.user" : "foo"}' --logpath m1.txt
      

      Audit On Unaudited
      13781.85667
      25435.05667
      46572.59667
      78398.23
      121390.8633
      157663.3433
      

      Steps to reproduce:

      git clone https://github.com/mongodb/mongo-perf
      cd mongo-perf
      python benchrun.py -f testcases/query.js -u read_me -p thisisnotapassword
      

        Attachments

          Activity

            People

            Assignee:
            andreas.nilsson Andreas Nilsson
            Reporter:
            davide.italiano Davide Italiano
            Participants:
            Votes:
            1 Vote for this issue
            Watchers:
            10 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: