[SERVER-14823] Improve performance of audit in the unaudited case Created: 07/Aug/14  Updated: 29/Oct/15  Resolved: 29/Oct/15

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.7.4
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Davide Italiano Assignee: Andreas Nilsson
Resolution: Won't Fix Votes: 1
Labels: 28qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

Performance testing results show a 15% degradation in operation throughput when auditing is enabled, when no operations match the audit filter pattern. This is as compared to a system with access control enabled (--auth) but auditing disabled. It would be preferable to pay a much lower penalty, even at the expense of reduced throughput for operations that do match the filter.

Mongodb cmdline:

./mongod --auth --logpath m1.txt (benchRun patch)

Auth on (1,2,4,8,12,16 threads)

16174.05333
29139.19333
53296.59333
87804.80667
141010.1167
185615.9433

Auth On + audit (non-matching filter, unaudited user)
Mongodb cmdline:

 ./mongod --dbpath db/ --auth --auditDestination file --auditPath ./auditme --auditFormat BSON --setParameter auditAuthzSuccess=true --auditFilter '{ "users.user" : "foo"}' --logpath m1.txt

Audit On Unaudited
13781.85667
25435.05667
46572.59667
78398.23
121390.8633
157663.3433

Steps to reproduce:

git clone https://github.com/mongodb/mongo-perf
cd mongo-perf
python benchrun.py -f testcases/query.js -u read_me -p thisisnotapassword


Generated at Thu Feb 08 03:36:05 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.