From owner-freebsd-hackers@FreeBSD.ORG  Tue Nov 23 22:20:30 2004
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id BCBBF16A502; Tue, 23 Nov 2004 22:20:30 +0000 (GMT)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 4220243D41; Tue, 23 Nov 2004 22:20:30 +0000 (GMT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (localhost [127.0.0.1])
	by fledge.watson.org (8.13.1/8.13.1) with ESMTP id iANMIh2x098340;
	Tue, 23 Nov 2004 17:18:43 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Received: from localhost (robert@localhost)iANMIhRs098337;
	Tue, 23 Nov 2004 22:18:43 GMT
	(envelope-from robert@fledge.watson.org)
Date: Tue, 23 Nov 2004 22:18:43 +0000 (GMT)
From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: Brian Fundakowski Feldman <green@freebsd.org>
In-Reply-To: <20041122233318.GB1473@green.homeunix.org>
Message-ID: <Pine.NEB.3.96L.1041123221600.98085A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-hackers@freebsd.org
Subject: Re: Tracing Disk Access
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Nov 2004 22:20:30 -0000


On Mon, 22 Nov 2004, Brian Fundakowski Feldman wrote:

> > I have set an idle timeout for the hard-disk. But when there is no
> > user activity there are frequent disk accesses.
> > How can one trace disk access?
> > I'd like to know the kind of access and on which files/directories/
> > nodes. I'd like to log on the console or on a memory disk file.
> 
> You should look to the MAC framework to provide you -- if not the entire
> solution -- at least insight into how and where you can do this.  If you
> were to do it at the disk device level, it would be a GEOM module,
> though. 

I recently added KTR tracing to geom_io.c which allows a trace of I/O
events both as they go up and down the GEOM stack, and as they're handed
off to disks, etc, so that should help provide detailed tracing of the
actual disk I/O's. 

For files/directories, hopefully we'll be ready to start merging some of
the Audit changes from the TrustedBSD branches to CVS in the next few
months, which will also provide a useful tracing mechanism at the higher
levels of the kernel. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research