Skip to main content
NetApp Knowledge Base

What impact does full file operation auditing have on NFS/SMB cluster performance?

  1. Last updated
  2. Save as PDF
Views:
91
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
perf
Last Updated:

Applies to

  • ONTAP 9
  • NAS

Answer

Enabling extensive auditing on your volumes can have a performance impact, particularly in environments with high file activity.
 
  • Here are some key points to consider
  • Performance Overhead: Auditing file operations introduces additional overhead, which can lead to increased latency and CPU utilization. NetApp has conducted extensive testing and found that enabling auditing on CIFS has a marginal impact on latency and CPU utilization. However, the impact can become more pronounced when auditing is enabled on multiple Storage Virtual Machines (SVMs) within a single cluster
  • Targeted Auditing: It is recommended to limit the scope of auditing to only the necessary operations to minimize performance impact. Auditing every file operation can significantly affect performance, especially on volumes with high activity. Instead, focus on auditing specific critical operations that are important to your requirements
  • Staging Volume Considerations: Ensure that the staging volumes used for auditing have sufficient space. The default size of each staging volume can be increased by an administrator to accommodate the generated logs. Failure to size the volume correctly can lead to the staging volume filling up and slowing down performance
  • Configuration Best Practices: Follow best practices for configuring audit policies. Start with default settings and adjust based on your specific needs. Avoid setting full control for auditing and instead be targeted in the type of events that are important to your requirements

 

  • Learn about auditing file access using ONTAP for both the SMB and NFS protocols Recommendations
  • Audit Policy Configuration: Configure audit policies on NTFS security-style files and directories to include only the necessary operations. This can help reduce the performance impact while still meeting your auditing requirements
  • Monitor Performance: Regularly monitor the performance of your storage system after enabling auditing. Use tools like qos statistics volume latency show to identify any latency issues and adjust your audit policies accordingly
  • Spread Audit Load: If possible, spread the audit events across multiple SVMs instead of a single SVM. This allows more processes to consolidate the audit data and can help mitigate performance impacts

Additional Information

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.