[Aide] regexp or multiple rules?
Richard van den Berg
richard at vdberg.org
Wed Jan 17 18:47:30 EET 2007
Marc Haber wrote:
> When generating a file, it is probably easier to generate two disting
> rules - will this wreck AIDE performance?
I am not sure. Regex compares are said to be expensive operations. The
more rules you have, the more compares aide will do. You could do some
testing with 10 regexes and 100 regexes to see if you notice a
difference. My gut feeling says that the disk operations (stats) are the
limiting factor, not the regex compares on modern CPUs.
Sincerely,
Richard van den Berg
More information about the Aide
mailing list