[dtrace-discuss] Re: Re: How to monitor any access to a specific
file using drace
David Chen
xinchen at lucent.com
Mon Jan 22 19:11:55 PST 2007
Hi Brendan,
Thanks a lot for your information.
>From your mail, I understand that syscall provider can't fulfill my requirement even if I can get the full path name, since hardlink may be used, is that right?
As you suggested, can I monitor "any access" by vnode at the VFS layer? How to do it and could you pls give some example?
It's a security monitoring as you said, I just record the "access events" and log them into a file ( I know it's amusing since "hacker" can easily delete his access log from the file, or even delete the log file, but it's the "requirement", :-( ). On the other hand, I'm quickly going through SunSHILED user guide, I see it can monitor any user's any action, but not sure if it can monitor "any access" to a file, any experience that you can share about setting it?
Best Regards
David
This message posted from opensolaris.org
More information about the dtrace-discuss
mailing list