Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

events: Remove selectAllFrom from linux process events callback #6638

Merged
merged 1 commit into from
Sep 8, 2020
Merged

events: Remove selectAllFrom from linux process events callback #6638

merged 1 commit into from
Sep 8, 2020

Conversation

theopolis
Copy link
Member

@theopolis theopolis commented Sep 7, 2020
edited

By looking at a graph of CPU usage for the Linux audit event publishers, it seems like we can save some CPU usage on this hot path. The selectAllFrom is a convenience function to abstract what file returns. We do not need the x-platform feature from this, nor most of the returned results. So we can call stat directly in the callback.

perf-audit-enabled-30s

@theopolis theopolis added Linux events Related to osquery's evented tables or eventing subsystem performance labels Sep 7, 2020
@theopolis theopolis force-pushed the remove_process_events_selectall branch from fa0cfa6 to f93891b Compare September 8, 2020 02:59
alessandrogario
alessandrogario approved these changes Sep 8, 2020
View reviewed changes
Copy link
Member

@alessandrogario alessandrogario left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was never a fan of that selectAllFrom() call! I would almost remove this completely, since the query/stat will always happen seconds after the actual event - but that would break compatibility

@theopolis theopolis merged commit c32953e into osquery:master Sep 8, 2020
aikuchin pushed a commit to aikuchin/osquery that referenced this pull request Jul 11, 2023
@mogrein
Merge pull request osquery#12 in CLOUD/osquery from sync/osquery-4.5.…
a7a150b 
…0 to master

* commit 'ab092654b8b027e35a91ef19feb74f9eeec0fc2b': (98 commits)
  osquery-4.5.0: merge updates and fix conflicts
  osquery-4.5.0: merge updates and fix conflicts
  Add 4.5.0 CHANGELOG (osquery#6646)
  Add sigurl column to pass yara signatures with the queries (osquery#6607)
  Update process auditing docs schema link (osquery#6645)
  Support for Background Activity Moderator (osquery#6585)
  database: Remove read only concept (osquery#6637)
  Parsing of user data in Windows event log (osquery#6643)
  events: Remove selectAllFrom from linux process events callback (osquery#6638)
  libs: Set glog and gflags includes as SYSTEM (osquery#6635)
  tests: Fix flaky test_2_daemon_with_option (osquery#6634)
  tests: Improve the reliability of TLSServerRunner (osquery#6632)
  database: Move initialization retry logic into DB API (osquery#6633)
  libs/smartmontools: Add aarch64 support
  libs/lzma: Add aarch64 support
  libs/lldpd: Add aarch64 support
  libs/librdkafka: Add aarch64 support
  libs/libgpg-error: Add aarch64 support
  libs/libgcrypt: Add aarch64 support
  libs/libdpkg: Add aarch64 support
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alessandrogario alessandrogario alessandrogario approved these changes

Assignees
No one assigned
Labels
events Related to osquery's evented tables or eventing subsystem Linux performance
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@theopolis @alessandrogario