Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hillu/edr-loadgen
Load generator for measuring overhead generated by EDRs and other logging tools on Linux
- Host: GitHub
- URL: https://github.com/hillu/edr-loadgen
- Owner: hillu
- License: gpl-3.0
- Created: 2021-10-20T13:11:36.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2023-02-28T09:08:58.000Z (over 1 year ago)
- Last Synced: 2024-06-20T11:48:15.635Z (5 months ago)
- Language: Go
- Size: 26.4 KB
- Stars: 11
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Simple load generator for stress-testing EDR software
The purpose of this tool is to measure the CPU overhead incurred by running active or passive security monitoring technologies. Examples are _auditd_, _auditbeat_, _auditd_+[_Laurel_](https://github.com/threathunters-io/laurel), Sysmon for Linux, or any EDR.
Originally written for use on Linux systems, _edr-loadgen_ also supports CPU overhead measurements on Windows.
It spawns trivial processes at a set frequency for a set time and measures user + system CPU usage for a set of given processes. The process is passed a special environment variable, `EDR_LOADGEN=1`, so _edr-loadgen_ can safely exec itself to generate load.
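How a user + system figure of the kind shown in the example run can be derived on Linux, as an added example that is not edr-loadgen's own code. It assumes the counters are read from fields 14 and 15 of `/proc/<pid>/stat`; `cpuTicks`, `overhead` and the sample stat lines are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// cpuTicks returns utime and stime (fields 14 and 15 of a /proc/<pid>/stat
// line, in clock ticks). The comm field is parenthesised and may contain
// spaces or ')', so fields are counted from the last ')'.
func cpuTicks(stat string) (utime, stime uint64, err error) {
	end := strings.LastIndexByte(stat, ')')
	rest := strings.Fields(stat[end+1:]) // rest[0] is field 3 (state)
	if end < 0 || len(rest) < 13 {
		return 0, 0, fmt.Errorf("malformed stat line")
	}
	if utime, err = strconv.ParseUint(rest[11], 10, 64); err != nil {
		return 0, 0, err
	}
	stime, err = strconv.ParseUint(rest[12], 10, 64)
	return utime, stime, err
}

// overhead turns the tick delta between two samples of the same PID into
// user/system CPU seconds and the summed percentage of one CPU over duration.
func overhead(before, after string, clkTck, duration float64) (user, sys, pct float64, err error) {
	u0, s0, err := cpuTicks(before)
	if err != nil {
		return 0, 0, 0, err
	}
	u1, s1, err := cpuTicks(after)
	if err != nil {
		return 0, 0, 0, err
	}
	if u1 < u0 || s1 < s0 { // counters went backwards: PID exited and was reused
		return 0, 0, 0, fmt.Errorf("CPU counters decreased; PID reused?")
	}
	user, sys = float64(u1-u0)/clkTck, float64(s1-s0)/clkTck
	return user, sys, (user + sys) / duration * 100, nil
}

func main() {
	// Constructed samples: 43 user ticks and 70 system ticks apart.
	before := "8062 (auditd) S 1 8062 8062 0 -1 4194560 500 0 0 0 1200 3400 0 0 16 -4"
	after := "8062 (auditd) S 1 8062 8062 0 -1 4194560 500 0 0 0 1243 3470 0 0 16 -4"
	user, sys, pct, err := overhead(before, after, 100, 30) // CLK_TCK=100, -duration 30
	if err != nil {
		panic(err)
	}
	fmt.Printf("user+sys: %.2f+%.2f = %.2f seconds / %.3f percent\n", user, sys, user+sys, pct)
}
```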
Example:
```
$ ./edr-loadgen -command /bin/true -delay .005 -duration 30 $(pidof auditd; pidof laurel)
2021/10/20 16:42:34 ./edr-loadgen: exec '/bin/true', every 0.0050 seconds, duration: 30.0000 seconds
2021/10/20 16:42:34 CLK_TCK = 100
2021/10/20 16:43:04 5977 events generated.
2021/10/20 16:43:04 PID 8062: user+sys: 0.43+0.70 = 1.13 seconds / 1.433+2.333 = 3.767 percent
2021/10/20 16:43:04 PID 18249: user+sys: 0.78+0.08 = 0.86 seconds / 2.600+0.267 = 2.867 percent
2021/10/20 16:43:04 SUM: 1.99 seconds / 6.633 percent
```

A CSV report can be generated (`-report FILENAME`). It contains the following fields:
- UNIX timestamp
- number of events (per `-delay`, `-duration` parameters)
- number of events actually generated
- PID
- process command line
- user time, system (kernel) time, sum (seconds)
- user time, system (kernel) time, sum (%CPU)

## Author
Hilko Bengen
## License
GPL-3.0, see [LICENSE](LICENSE)