Re: NFS (vfs-related) syscall logging

From: Roberto Nibali (ratz@drugphish.ch)
Date: Mon Jun 17 2002 - 11:39:22 EST


Hi,

> > I will extend it and add yet another proc-fs variable in
> > /proc/sys/sunrpc/ which will represent a bitmask to selectively
> > enable/disable which syscalls should be logged.
>
>
> Ugh...
>
> The volume of information you propose to log is going to be seriously
> huge and *will* affect performance. It would probably be a lot more

I'm fully aware of that. But we have the problem that we need C2'ish
audit trails and logging facilities. It's a requirement in the company I
work for. Linux unfortunately isn't quite there yet but with the LSM
framework it would be possible. I know that SGI at a certain point had
put a lot of effort into getting something like that into the LSM
framework. I simply can't wait (for that specific NFS requirement) until
it is part of the official kernel tree so I hacked that patch together.
It's easier to forward port my simple patch than to have LSM and a patch.

[Besides all that my boss thinks we can handle the amount of overhead
and the logged data and he pays my check, so I do it. :)]

> efficient to log using 'tcpdump' (and the libpcap binary format)
> instead of all those printks.

Can't do that, company policy and I doubt this would be more efficient
since you need a damn intelligent parser to get the same information
from a packet dump.

But thanks for your input. Maybe you or someone else would be able to
give me a response to my other questions too, if possible. I'd really
appreciate it.

Best regards and thanks for your effort,
Roberto Nibali, ratz

-- 
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Jun 23 2002 - 22:00:13 EST