File monitoring with Mortadelo and SystemTap

Posted Mar 6, 2008 13:37 UTC (Thu) by fuhchee (guest, #40059)
In reply to: File monitoring with Mortadelo and SystemTap by darwish07
Parent article: File monitoring with Mortadelo and SystemTap

> Is there some redundancy between Audit and SystemTap ?

Sure.  Other than logistical (installation) issues though,
there is the potential for more interesting differences.

Audit is a single system-wide facility, so only a single
configuration (set of trace points) can be active at a time.
Systemtap is per-session, so many different probing sessions
collecting different sorts of data can run at the same time.

Mortadelo represents only a basic use of systemtap at
present (an unconditional trace record for a bunch of
system calls, system-wide).  It could do something richer,
like dynamically adjusting the target process/syscall list
to reduce trace data quantity (-> improve performance, reduce
system impact); to encode user-specified filters; to change
these even during systemtap probe run-time using a /proc file
interface.


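The run-time filter described in the comment above can be sketched as a SystemTap script; this is an added example, not part of the comment and not Mortadelo's own script. The procfs file name `target_pid` and the module name `filemon` are assumptions chosen for illustration.

```systemtap
#!/usr/bin/stap
# Added illustration, not Mortadelo's script.
# Assumed invocation: stap -m filemon filemon.stp
# The control file then appears as /proc/systemtap/filemon/target_pid
# ("filemon" and "target_pid" are names chosen for this example).

global target_pid = 0   # 0 = trace every process (unconditional, system-wide)
global dropped = 0      # events discarded by the filter

# Writing a PID to the control file changes the filter while the
# probes keep running; no restart of the session is needed.
probe procfs("target_pid").write {
  target_pid = strtol($value, 10)
}

# Reading the control file reports the filter currently in effect.
probe procfs("target_pid").read {
  $value = sprintf("%d\n", target_pid)
}

# File-open system calls; "?" makes each probe point optional so the
# script still loads where one of the two syscalls is absent.
probe syscall.open ?, syscall.openat ? {
  if (target_pid != 0 && pid() != target_pid) {
    dropped++
    next   # filtered out in the kernel: no trace record is emitted
  }
  printf("%d %s(%d) %s(%s)\n",
         gettimeofday_ms(), execname(), pid(), name, argstr)
}

# On shutdown, show how much trace data the filter saved.
probe end {
  printf("events filtered out: %d\n", dropped)
}
```

While the session runs, writing a process ID to `/proc/systemtap/filemon/target_pid` narrows the trace to that process, and writing `0` returns it to system-wide tracing.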

File monitoring with Mortadelo and SystemTap

Posted Mar 6, 2008 22:16 UTC (Thu) by darwish07 (guest, #49520)

Aha .. Thanks for this great explanation.

