From owner-freebsd-hackers@FreeBSD.ORG Thu Nov 17 17:24:09 2005 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5613216A41F; Thu, 17 Nov 2005 17:24:09 +0000 (GMT) (envelope-from anderson@centtech.com) Received: from mh2.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2D58A43D45; Thu, 17 Nov 2005 17:24:07 +0000 (GMT) (envelope-from anderson@centtech.com) Received: from [10.177.171.220] (neutrino.centtech.com [10.177.171.220]) by mh2.centtech.com (8.13.1/8.13.1) with ESMTP id jAHHO6GC022081; Thu, 17 Nov 2005 11:24:06 -0600 (CST) (envelope-from anderson@centtech.com) Message-ID: <437CBCAD.3080600@centtech.com> Date: Thu, 17 Nov 2005 11:23:57 -0600 From: Eric Anderson User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20051021 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Robert Watson References: <437CB004.2000401@tirloni.org> <20051117171414.L77687@fledge.watson.org> In-Reply-To: <20051117171414.L77687@fledge.watson.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.82/1177/Thu Nov 17 02:35:37 2005 on mh2.centtech.com X-Virus-Status: Clean Cc: freebsd-hackers@freebsd.org Subject: Re: Filesystem monitoring question X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Nov 2005 17:24:09 -0000 Robert Watson wrote: > > On Thu, 17 Nov 2005, Giovanni P. Tirloni wrote: > >> Using kqueue you can monitor a file/directory for changes and have it >> trigger something when that event happens. But you want to monitor you >> whole partition.. perhaps intercept some syscalls ? > > > Depending on your requirements, you may be able to use ktrace(1) to > monitor the path lookups of all processes on the system by logging them > to a file and tracking the file. > > With Audit support, shortly to be imported into the tree, you'll be able > to do similar things, although in a more configurable way. This got me thinking - what would be the appropriate way for someone to have the kernel dump filesystem info to a userland process? What I'm wondering, is if one could wedge in some parts to the vfs code, that spits out things like vnode, vnop, etc, to a place where a userland app could listen and do something with that info. It would have to be a path that would cause the least delay in dumping the data of course, perhaps a /dev/ device entry, or unix domain socket? Eric -- ------------------------------------------------------------------------ Eric Anderson Sr. Systems Administrator Centaur Technology Anything that works is better than anything that doesn't. ------------------------------------------------------------------------