LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

File monitoring with Mortadelo and SystemTap

File monitoring with Mortadelo and SystemTap

Posted Mar 6, 2008 13:37 UTC (Thu) by fuhchee (subscriber, #40059)
In reply to: File monitoring with Mortadelo and SystemTap by darwish07
Parent article: File monitoring with Mortadelo and SystemTap 

> Is there some redundancy between Audit and SystemTap ?

Sure.  Other than logistical (installation) issues though,
there is the potential for more interesting differences.

Audit is a single system-wide facility, so only a single
configuration (set of trace points) can be active at a time.
Systemtap is per-session, so many different probing sessions
collecting different sorts of data can run at the same time.

Mortadelo represents only a basic use of systemtap at the
present (an unconditional trace record for a bunch of
systemcalls, system-wide).  It could do something richer,
like dynamically adjusting the target process/syscall list
to reduce trace data quantity (-> improve performance, reduce
system impact); to encode user-specified filters; to change
these even during systemtap probe run-time using a /proc file
interface.

(Log in to post comments)

File monitoring with Mortadelo and SystemTap

Posted Mar 6, 2008 22:16 UTC (Thu) by darwish07 (subscriber, #49520) [Link] 

Aha .. Thanks for this great explanation.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds