Impact on Performance

We are in the process of evaluating DB Audit as well as other similar tools for a requirement. We are keen in knowing the impact on performance of databases or applications. Another popular product claims that the impact would be "0", which we believe could not be correct since installing such tools would definitely impact performance. However, in case the tool sniffs the required details, impact might be lower. Can we have your thoughts on this?

Is it possible to provide a % range for impact on performance based on certain parameters such as average DB size, or number of transactions that happen on the db or application, etc.? Any info pertaining to this will be great help. Thanks!

Theoretically the impact could be "zero" is you use a network based tool capturing network traffic and not touching the database server. The problem with such tools is that they leave your database server vulnerable to local activities and unprotected as they are unable to see any local traffic (most of the privileged access and also large chunk of hacking and insider access attempts.). - So technically they are correct, it the impact is zero, but practically such tools are unable to monitor backdoors for your database. It is a situation described by Alexandre Dumas in his famous Three Musketeers novel when one of the main characters had only front side of this clothes while his backside wasn't covered.

Nor such tools can monitor 'second level' activities within a database, Example , CREATE PROC whatever, to select all data from a credit card table and email them, schedule that procedure. Network based tools will tell you about CREATE PROC, they won't tell you that the credit card table is being accessed as that secondary activity happens inside the db server at a different time and without any end-user session.

Now, back to the performance, - the performance impact depends on the amount of audit data captured and transferred to the storage, in other words by the generated input/output – the more Mbytes you capture, the more MBytes goes to the disk, the more impact you have. If you configure the auditing to capture everything, it you may see some visible impact on the performance as well as you will have hard time finding usable information in the audit trail – because of too much noise. If you configure auditing to capture important events only such as schema, changes, security changes, definitely all logins successful and failed, admin activities, or alternatively set filters to monitoring privileged access only, the impact would be very minimal and not visible by naked eye, if properly configured, to see the difference you would need to use specialized tools for measuring db performance.

Last edited by SysOp on Fri Feb 27, 2009 1:11 pm; edited 1 time in total

Thanks for the prompt reply!

However, I think my question on average % range of impact on performance is not yet answered. Will you be able to provide some inputs on this?? Thanks.

Sorry, but there is no such thing as an average %. It all depends on the amount of traffic generated, which depends on your hardware, disk subsystem I/O performance, number and types of applications, number of users, machine utilization, and definitely on the audit configuration and chosen filters. Nobody will be able to provide such out-of-blue average number, because it is really meaningless.

Consider the following, if your system generates 1000 MB per hour data throughout and the auditing is configured to capture and generate additional 10 MB per hour, the performance could be affected by about 1+% because of that additional I/O and the need to write it to the disk. But again this is a very very approximate number.

Last edited by SysOp on Fri Feb 27, 2009 1:12 pm; edited 1 time in total

That was helpful. Thanks again!

You are welcome!