From owner-freebsd-hackers@FreeBSD.ORG Tue Nov 23 22:20:30 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BCBBF16A502; Tue, 23 Nov 2004 22:20:30 +0000 (GMT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4220243D41; Tue, 23 Nov 2004 22:20:30 +0000 (GMT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.13.1/8.13.1) with ESMTP id iANMIh2x098340; Tue, 23 Nov 2004 17:18:43 -0500 (EST) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)iANMIhRs098337; Tue, 23 Nov 2004 22:18:43 GMT (envelope-from robert@fledge.watson.org) Date: Tue, 23 Nov 2004 22:18:43 +0000 (GMT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Brian Fundakowski Feldman In-Reply-To: <20041122233318.GB1473@green.homeunix.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-hackers@freebsd.org Subject: Re: Tracing Disk Access X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Nov 2004 22:20:30 -0000 On Mon, 22 Nov 2004, Brian Fundakowski Feldman wrote: > > I have set an idle timeout for the hard-disk. But when there is no > > user activity there are frequent disk accesses. > > How can one trace disk access? > > I'd like to know the kind of access and on which files/directories/ > > nodes. I'd like to log on the console or on a memory disk file. > > You should look to the MAC framework to provide you -- if not the entire > solution -- at least insight into how and where you can do this. If you > were to do it at the disk device level, it would be a GEOM module, > though. I recently added KTR tracing to geom_io.c which allows a trace of I/O events both as they go up and down the GEOM stack, and as they're handed off to disks, etc, so that should help provide detailed tracing of the actual disk I/O's. For files/directories, hopefully we'll be ready to start merging some of the Audit changes from the TrustedBSD branches to CVS in the next few months, which will also provide a useful tracing mechanism at the higher levels of the kernel. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Principal Research Scientist, McAfee Research