https://fleetdm.com logo
Channels
  • t

    TheHellaJeff

    2 years ago
    Has anyone ever needed to/explored changing the niceness of osquery? I found this issue (https://github.com/osquery/osquery/issues/516) from a few years back talking about the idea of using it, would there be any merits/negatives to attempting this?
  • theopolis

    theopolis

    2 years ago
    This happens already when a watchdog is used (the default) https://github.com/osquery/osquery/blob/2f681e7bdca8f9bb1fb8f6ce4708df7c1fc132c9/osquery/process/posix/process_ops.cpp#L58
    Its a static priority of 10, would you want to configure it to another value? I've been successful controlling usage through cgroups vs. relying on osquery to control itself (even though it tries hard).
  • t

    TheHellaJeff

    2 years ago
    It’s just a small number of OSX workstations are having some problems with the subprocess eating up large amounts of system resources when we have process auditing enabled, I’m not sure where else to go in trying to address this
  • s

    seph

    2 years ago
    Do you need to ingest that many events? What are you doing with them?
Join thread in Slack
View count: 1