Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-14823

Improve performance of audit in the unaudited case

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Won't Fix
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 2.7.4
    • Component/s: Security
    • Labels:

      Performance testing results show a 15% degradation in operation throughput when auditing is enabled, when no operations match the audit filter pattern. This is as compared to a system with access control enabled (--auth) but auditing disabled. It would be preferable to pay a much lower penalty, even at the expense of reduced throughput for operations that do match the filter.

      Mongodb cmdline:

      ./mongod --auth --logpath m1.txt (benchRun patch)

      Auth on (1,2,4,8,12,16 threads)

      16174.05333
29139.19333
53296.59333
87804.80667
141010.1167
185615.9433

      Auth On + audit (non-matching filter, unaudited user)
      Mongodb cmdline:

       ./mongod --dbpath db/ --auth --auditDestination file --auditPath ./auditme --auditFormat BSON --setParameter auditAuthzSuccess=true --auditFilter '{ "users.user" : "foo"}' --logpath m1.txt

      Audit On Unaudited
13781.85667
25435.05667
46572.59667
78398.23
121390.8633
157663.3433

      Steps to reproduce:

      git clone https://github.com/mongodb/mongo-perf
cd mongo-perf
python benchrun.py -f testcases/query.js -u read_me -p thisisnotapassword

            Assignee:
            andreas.nilsson Andreas Nilsson
            Reporter:
            davide.italiano Davide Italiano
            Votes:
            1 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: