From owner-freebsd-questions Sun Dec 9 8:55:24 2001 Delivered-To: freebsd-questions@freebsd.org Received: from gamma.root-servers.ch (gamma.root-servers.ch [195.49.62.126]) by hub.freebsd.org (Postfix) with SMTP id 6F80137B405 for ; Sun, 9 Dec 2001 08:55:18 -0800 (PST) Received: (qmail 58826 invoked from network); 9 Dec 2001 16:55:16 -0000 Received: from dclient217-162-128-224.hispeed.ch (HELO athlon550) (217.162.128.224) by 0 with SMTP; 9 Dec 2001 16:55:16 -0000 Date: Sun, 9 Dec 2001 17:56:00 +0100 From: Gabriel Ambuehl X-Mailer: The Bat! (v1.53bis) Educational Organization: BUZ Internet Services X-Priority: 3 (Normal) Message-ID: <91447198767.20011209175600@buz.ch> To: questions@freebsd.org Subject: Logging file system access on FreeBSD? MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG -----BEGIN PGP SIGNED MESSAGE----- Hello, I'm looking for a solution to log filesystem accesses (above all, I'm interested in logging changes, but reads wouldn't hurt, too) so now I'm wondering whether this can be done? As far as I can tell, the biggest problem appears to be that at the VFS level, the name of the file being accessed isn't available anymore, since there only vnodes are used to refer to the files. I couldn't find a solution so far but I thought it might be possible to pipe the requests through NFS to log the data, but even there, one would still need a way to convert vnodes back to path names (is this even possible, without having a map of the whole FS in memory?) so one actually got something useable for logging purposes. I know that there's the spy kld, but that one isn't able to do much good about write() calls which isn't too surprising considering that write() doesn't use path names but file descriptors and further, logging write() with spy ends easily ends up in an endless loop since you somehow need to write() the data back to the logfile... Any comments on this topics? Best regards, Gabriel  -----BEGIN PGP SIGNATURE----- Version: PGP 6.5i iQEVAwUBPBOJlcZa2WpymlDxAQFxeQf5AbFnBCGrgCK0I0S2XO3MdPYlX6IjpJHV Mhaz371n7hmkCXnZm7oSH0V4sAYEfOQpuEYhqA6EQYlp11QPEDqVxbdqWzrGAuzs y6+6ALaEpW2UZzPmSHDljwEvHCzoRfpdNNNojp5F0QJhosCp111U5OyStTQl1fkB iE4o3tevdPkFxlGAqm3xZS3CCdAJH8YdoA3EBkVcfbUyJ3n9PN6ZTrrTpyymRNHo JFzqhCa8boC1sevk4vgHnRgZ/nlpGjmOv/QPa+WhNZf1leYrSPH1o8zOtbfcqKBi s2Wczw1Cy12mMiE1ITKoyIWUX4ymhopzYvjTA5626gcCXKU7fjZxNg== =UIFW -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message