Has anyone ever needed to explored changing the niceness of

Question

Has anyone ever needed to explored changing the niceness of osquery I found this issue <https github com osquery osquery issues 516> from a few years back talking about the idea of using it would there be any merits negatives to attempting this

theopolis · Answer

This happens already when a watchdog is used the default <https github com osquery osquery blob 2f681e7bdca8f9bb1fb8f6ce4708df7c1fc132c9 osquery process posix process ops cpp L58>

theopolis · Answer

Its a static priority of 10 would you want to configure it to another value I ve been successful controlling usage through cgroups vs relying on osquery to control itself even though it tries hard

TheHellaJeff · Answer

It s just a small number of OSX workstations are having some problems with the subprocess eating up large amounts of system resources when we have process auditing enabled I m not sure where else to go in trying to address this

seph · Answer

Do you need to ingest that many events What are you doing with them

seph · Answer

If you add various nice or watchdogs you will end up dropping events