Open-AudIT
https://www.open-audit.org/phpBB3/

Windows audit low priority
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6473
Page 1 of 1

Author:  baja_flux [ Fri Nov 13, 2015 2:14 am ]
Post subject:  Windows audit low priority

Hi guys,

Due to the nature of the servers I want to audit I need the audit scripts to run as the lowest possible priority. How can I accomplish that? Cpu impact is verging on killing my project :(

Any thoughts?

Author:  jpa [ Fri Nov 13, 2015 9:49 am ]
Post subject:  Re: Windows audit low priority

I don't think you can do what you want. The high CPU is coming from the WMI queries which don't run with the priority of the script process but the WMI process. And you can't give low priority to a service (that I know of.)

You could audit fewer machines at a time. Or you could put artificial pauses in the script to spread out the load of the WMI queries it makes. I haven't attempted to see which queries cause the highest CPU usage. Might be an interesting exercise.

Author:  Mark [ Mon Nov 16, 2015 10:42 am ]
Post subject:  Re: Windows audit low priority

You could also run your discovery at a time of low use (say 2am).

Author:  baja_flux [ Tue Nov 17, 2015 7:53 pm ]
Post subject:  Re: Windows audit low priority

the problem i have is my customer facing environment is 24/7 with strict cost implications if our customers are unable to use the system even for a few moments.

in the mean time i have got the green light to roll this out to the internal network as is. so will be able to get an audit done of the internal systems.

thanks for the replys guys. I will look for a way to script a priority change for the wmi for this script.

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/