Date: Sat, 26 May 2007 05:18:19 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Alexey Mikhailov <karma@freebsd.org>
Message-ID: <20070526021819.GB2071@kobe.laptop>
References: <200705250322.22259.karma@FreeBSD.org>
Cc: freebsd-hackers@freebsd.org, trustedbsd-audit@freebsd.org,
	trustedbsd-discuss@freebsd.org, karma@ez.pereslavl.ru
Subject: Re: SoC: Distributed Audit Daemon project

On 2007-05-25 03:22, Alexey Mikhailov <karma@freebsd.org> wrote:
> Hello!

Hi Alexey :)

> http://wiki.freebsd.org/DistributedAuditDaemon
> [...]

> Consider this picture ( Yes, I know that my ASCII art sucks :-) )
>
> '----------------`                       '-----------------`
> |                |      '---------`      | Client-specific |
> | User-space app | <==  | API [2] | ==>  |     part of     |
> |     [1]        |      `---------'      |   "dlogd" [3]   |
> `----------------'                       `-----------------'
>                                                 ^^
>                                                 ||
>                                                 ||
>
>                                            (network level) [4]
>
>                                                 ||
>                                                 ||
>                                                 vv
>                                          '-----------------`
>              '===============`           | Server-specific |
>              |  File system  | <======== |    part of      |
>              | hierarchy [6] |           |    "dlogd" [5]  |
>              `==============='           `-----------------'
[...]
> [1] <=> [2]: Shared user-space library will encapsulate API.
> And I really want to keep real API simple. At this moment
> I'm going to have only one function that will mark log file
> as "to deliver" (i.e. dlogd_submit("/var/audit/whatever")).

It may be worth keeping the API simple by having only two calls:

    dlog_register("/var/audit/file");
    dlog_unregister("/var/audit/file");

Then dlogd can use kqueue to monitor the file itself, so you don't need
special calls/methods to notify it of new events arriving on the file.
This is just an idea, and I haven't fully thought through all the details
of how a "flush" operation could be implemented if dlogd used kqueue itself.
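
Added example, not part of the original message and not dlogd code: a sketch of how a daemon could watch a registered file with kqueue(2) EVFILT_VNODE and work out how many bytes are new since the last delivery. The names dlog_watch, dlog_watch_open, dlog_watch_pending and dlog_watch_wait are hypothetical, and the kqueue part is compiled only on BSD-family systems.

```c
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || \
    defined(__DragonFly__) || defined(__APPLE__)
#include <sys/event.h>
#define HAVE_KQUEUE 1
#endif

/* Hypothetical per-file state the daemon keeps after a register call. */
struct dlog_watch {
    int   fd;    /* descriptor on the registered file */
    off_t sent;  /* bytes already handed to the network layer */
};

/* Open the registered file and start tracking from offset 0. */
int dlog_watch_open(struct dlog_watch *w, const char *path)
{
    w->fd = open(path, O_RDONLY);
    w->sent = 0;
    return w->fd < 0 ? -1 : 0;
}

/* Bytes appended since the last delivery, or -1 on error. A file that is
 * now shorter than what was already sent was truncated, so tracking
 * restarts at 0 instead of reporting a negative amount. */
off_t dlog_watch_pending(struct dlog_watch *w)
{
    struct stat st;

    if (fstat(w->fd, &st) < 0)
        return -1;
    if (st.st_size < w->sent)
        w->sent = 0;
    return st.st_size - w->sent;
}

#ifdef HAVE_KQUEUE
/* Block until the file is written, extended, renamed or deleted.
 * Returns the NOTE_* flags that fired, or -1 on error. */
int dlog_watch_wait(int kq, struct dlog_watch *w)
{
    struct kevent change, event;

    EV_SET(&change, w->fd, EVFILT_VNODE, EV_ADD | EV_CLEAR,
        NOTE_WRITE | NOTE_EXTEND | NOTE_RENAME | NOTE_DELETE, 0, 0);
    if (kevent(kq, &change, 1, &event, 1, NULL) < 0)
        return -1;
    return (int)event.fflags;
}
#endif
```

A caller would create the queue once with kqueue(), loop on dlog_watch_wait(), and after each wakeup read dlog_watch_pending() bytes starting at w->sent. NOTE_RENAME and NOTE_DELETE are included so that rotation or removal of the file is noticed rather than silently missed.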