2002-06-17 16:53:24

by Roberto Nibali

Subject: Re: NFS (vfs-related) syscall logging

Hi,

> > I will extend it and add yet another proc-fs variable in
> > /proc/sys/sunrpc/ which will represent a bitmask to selectively
> > enable/disable which syscalls should be logged.
>
>
> Ugh...
>
> The volume of information you propose to log is going to be seriously
> huge and *will* affect performance. It would probably be a lot more

I'm fully aware of that. But we have the problem that we need C2'ish
audit trails and logging facilities. It's a requirement in the company I
work for. Linux unfortunately isn't quite there yet but with the LSM
framework it would be possible. I know that SGI at a certain point had
put a lot of effort into getting something like that into the LSM
framework. I simply can't wait (for that specific NFS requirement) until
it is part of the official kernel tree so I hacked that patch together.
It's easier to forward port my simple patch than to have LSM and a patch.

[Besides all that my boss thinks we can handle the amount of overhead
and the logged data and he pays my check, so I do it. :)]

> efficient to log using 'tcpdump' (and the libpcap binary format)
> instead of all those printks.

Can't do that, company policy and I doubt this would be more efficient
since you need a damn intelligent parser to get the same information
from a packet dump.

But thanks for your input. Maybe you or someone else would be able to
give me a response to my other questions too, if possible. I'd really
appreciate it.

Best regards and thanks for your effort,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc


2002-06-17 17:13:58

by Trond Myklebust

Subject: Re: NFS (vfs-related) syscall logging

On Monday 17 June 2002 18:39, Roberto Nibali wrote:
> > efficient to log using 'tcpdump' (and the libpcap binary format)
> > instead of all those printks.
>
> Can't do that, company policy and I doubt this would be more efficient
> since you need a damn intelligent parser to get the same information
> from a packet dump.

'ethereal' *is* a damned intelligent parser that understands RPC/NFS/... ;-)
You should be able to use its read filtering capabilities to cherry-pick
exactly the information that interests you.

>
> But thanks for your input. Maybe you or someone else would be able to
> give me a response to my other questions too, if possible. I'd really
> appreciate it.

If you are going to insist on logging using printks, you might as well just
use the existing RPC debugging code. Just rewrite your printks to the format

dfprintk(BITMASK, format,...)

The value of BITMASK can be whatever you want, although the masks between
0x0001 and 0x0200 are already used by the existing nfsd debugging code (see
include/linux/nfsd/debug.h).

Then just 'echo BITMASK >/proc/sys/sunrpc/nfsd_debug' in order to begin
logging.

Cheers,
Trond
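
Added example, not part of the thread and not kernel code: a userspace C model of the mask-gated logging discussed above, with one bit per audited operation placed above the 0x0001 to 0x0200 range the post says is already taken. All names (`audit_log`, `audit_set_mask`, the `AUD_*` bits) and the sample values are hypothetical; how the real sysctl handler parses its input is not modelled.

```c
/* Userspace model only: names below are hypothetical, not kernel identifiers. */
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

#define RESERVED_MASK 0x03ffu    /* bits 0x0001..0x0200, taken per the post */
enum {                           /* constructed per-operation audit bits */
    AUD_READ   = 0x0400,
    AUD_WRITE  = 0x0800,
    AUD_UNLINK = 0x1000,
    AUD_ALL    = AUD_READ | AUD_WRITE | AUD_UNLINK
};
_Static_assert((AUD_ALL & RESERVED_MASK) == 0, "audit bits collide");

static unsigned int debug_mask;  /* stands in for the sysctl value */
static unsigned int emitted;     /* number of records actually written */

/* Parse the text an admin would echo into the sysctl; 0 on success.
 * A rejected value leaves the current mask untouched. */
int audit_set_mask(const char *text)
{
    char *end;
    unsigned long v;
    errno = 0;
    v = strtoul(text, &end, 0);  /* assumption: decimal or 0x hex accepted */
    if (errno || end == text || (*end && *end != '\n') || v > 0xffffu)
        return -1;               /* the model keeps a 16-bit mask */
    debug_mask = (unsigned int)v;
    return 0;
}

/* Emit one record only if the operation's bit is enabled; returns 1 if logged. */
int audit_log(unsigned int bit, const char *fmt, ...)
{
    va_list ap;
    if (!(debug_mask & bit))
        return 0;                /* disabled: one test, no formatting cost */
    va_start(ap, fmt);
    vfprintf(stderr, fmt, ap);
    va_end(ap);
    emitted++;
    return 1;
}

unsigned int audit_emitted(void) { return emitted; }

int main(void)
{
    audit_set_mask("0x0c00");    /* enable READ and WRITE only */
    audit_log(AUD_READ, "audit: read fh=%s uid=%d\n", "constructed-fh", 1000);
    audit_log(AUD_UNLINK, "audit: unlink name=%s\n", "constructed-name");
    return audit_emitted() == 1 ? 0 : 1;
}
```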