[dtrace-discuss] Re: Re: How to monitor any access to a specific
file using drace
Zhijun Fu
Zhijun.Fu at Sun.COM
Mon Jan 22 21:28:34 PST 2007
Hello David,
Not familiar with SunSHILED, but I guess you can monitor the disired
access via VFS functions.
I've attached a simple D-script which can monitor that.It is far from
enough at this moment,and certainly needs further polishing.
Just try to give an example.
BTW:thanks Brendan for explanations on dtrace :-)
Regards,
Zhijun
David Chen wrote:
> Hi Brendan,
> Thanks a lot for your information.
> >From your mail, I understand that syscall provider can't fulfill my requirement even if I can get the full path name, since hardlink may be used, is that right?
> As you suggested, can I monitor "any access" by vnode at the VFS layer? How to do it and could you pls give some example?
> It's a security monitoring as you said, I just record the "access events" and log them into a file ( I know it's amusing since "hacker" can easily delete his access log from the file, or even delete the log file, but it's the "requirement", :-( ). On the other hand, I'm quickly going through SunSHILED user guide, I see it can monitor any user's any action, but not sure if it can monitor "any access" to a file, any experience that you can share about setting it?
>
> Best Regards
> David
>
>
> This message posted from opensolaris.org
> _______________________________________________
> dtrace-discuss mailing list
> dtrace-discuss at opensolaris.org
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fop.d
Type: text/x-dsrc
Size: 501 bytes
Desc: not available
Url : http://mail.opensolaris.org/pipermail/dtrace-discuss/attachments/20070122/0ea10838/fop.bin
More information about the dtrace-discuss
mailing list