What performance impact does EventSentry have on a monitored computer (e.g. CPU, memory, etc.)?

Article ID: 47
Category: General
Updated: 2022-06-09

Generally speaking, EventSentry does not have a significant performance impact on a computer. EventSentry was developed in C++ with the goal of being invisible, and we are happy to say that we have accomplished this goal. As such, one should never even notice that the agent is running and monitoring the event logs and the computer.

The EventSentry agent uses between 15-35Mb of RAM (depending on features used) and approximately 1% of CPU time when monitoring a system. The used disk space is approximately 2Mb, whereas the debug log files (which can be disabled) use up to a maximum of 50Mb. The agent will be almost completely idle when there is little activity in the event logs.

How many resources the EventSentry agent really needs depends on the following:

*) Event Log Activity: If you are monitoring the security event log on a busy domain controller (logging tens of thousands of event log records every day), and then log all this information to a database, then the CPU impact might be slightly higher since the agent will be constantly writing to the database. The CPU usage will then also depend on the ODBC driver used.

*) Activated Features: The more features you have activated (e.g. Process Tracking), the more resources the agent will use. Due to its modular and threaded design, the EventSentry agent will free resources when they are not being monitored. For example, if you are not performing process tracking and performance monitoring, then the EventSentry agent will use fewer resources.

*) Number of Filters: The more filters you have configured, the more processing will be required when event log records are being analyzed. While it is not a problem to have a large number of filters (e.g. 300), it will naturally use more resources to parse 300 filters compared to parsing 15 filters. In practice, however, this has not been shown to have a noticeable performance impact.

*) Environment Monitoring: Activating this feature by using an external temperature sensor will increase the CPU usage by about 1-2% since the EventSentry agent will have to poll the sensor through the serial port several times per minute.

Conclusion: Overall, in 95% of all installations, you will not even notice that the EventSentry agent is installed, and it will not negatively affect system performance.