Appendix A – CPU Consumption

The charts below show the CPU consumption of all HIDS processes for various systems when an artificially created rate of system call audit records (events) are applied on the system and when certain HIDS templates are running. The “File Templates” include the “Modification of Files/Directories, “Creation of world-writable files,” “Creation and modification of SETUID files,” “Modification of another user’s files”, and “Changes to log files.” The “RC Template” is the “Race Condition” template.

To measure the average system call audit event rate on a system, you must run the idscor process with the “-t” option while running any of the file related templates. The idscor –t option is not supported by HIDS v3.1 and a special v3.1 version of idscor along with documentation must be obtained through technical support. The –t option will be documented and available starting with HIDS v4.0.

HP Company Internal

Page 12 of 20

Page 12
Image 12
HP Host Intrusion Detection System (HIDS) manual Appendix a CPU Consumption