Audit logging resource requirements

[skeggse]

The docs indicate that enabling auditing imposes "severe resource requirements." What are those requirements, and what makes them "severe?" Does ContainerSSH do something more invasive or complex than other SSH auditing tools?

[janosdebugs]

Hey @skeggse audit logging can, depending on the configuration, log every keystroke, the whole SFTP communication, port forwarded data (not sure this is implemented yet, @tsipinakis do you know?) and more. This means that you need to have enough storage space on your ContainerSSH host to temporarily store possibly several GBs of data per session and then enough bandwidth to upload it to an S3 storage if that's what you want to do. Disk IO should not be a concern, you will run out of CPU much sooner due to the relatively expensive encryption SSH uses I believe.