|
Performance testing results show a 15% degradation in operation throughput when auditing is enabled, when no operations match the audit filter pattern. This is as compared to a system with access control enabled (--auth) but auditing disabled. It would be preferable to pay a much lower penalty, even at the expense of reduced throughput for operations that do match the filter.
Mongodb cmdline:
./mongod --auth --logpath m1.txt (benchRun patch)
|
Auth on (1,2,4,8,12,16 threads)
16174.05333
|
29139.19333
|
53296.59333
|
87804.80667
|
141010.1167
|
185615.9433
|
Auth On + audit (non-matching filter, unaudited user)
Mongodb cmdline:
./mongod --dbpath db/ --auth --auditDestination file --auditPath ./auditme --auditFormat BSON --setParameter auditAuthzSuccess=true --auditFilter '{ "users.user" : "foo"}' --logpath m1.txt
|
Audit On Unaudited
|
13781.85667
|
25435.05667
|
46572.59667
|
78398.23
|
121390.8633
|
157663.3433
|
Steps to reproduce:
git clone https://github.com/mongodb/mongo-perf
|
cd mongo-perf
|
python benchrun.py -f testcases/query.js -u read_me -p thisisnotapassword
|
|