[mod-security-users] Fwd: Welcome to the "mod-security-users" mailing list
From: 黃 世名 <ct...@ho...> - 2018-10-05 08:17:55
Hi,

I am curious about how to boost audit log performance. Regardless of mode, Serial or Concurrent, I find that there is a huge bottleneck in the audit log engine. After enabling the audit log engine, ModSecurity's requests per second can decrease from 1000 to 270 with the command wrk. In addition to this, when using the command "wrk -t1 -c10 -d60s http:/uri", nginx processes would not respond any more and become unavailable to normal requests.

I use v3 master (libmodsecurity: 738e328, nginx-module-modsecurity: 4b50399, nginx: 1.14.0) as my test bed.

Like Nginx, instead of writing a log entry for every request to disk immediately, it can buffer entries in memory and write them to disk as a group. Is it possible to apply this mechanism to the audit log engine, or is there another approach to solve this challenge?

Regards,
Daniel