Re: [PATCH] auvirt: a new tool for reporting events related to virtual machines
On Monday, January 16, 2012 08:05:31 AM Marcelo Cerri wrote:
Just some few questions:
What did yo mean by "a security report"? Just another section or a
separated mode?
Probably a mode, because its data is not going to fit neatly into columns and
look like a nice organized report.
Wouldn't it be a problem to put the time field in the end of the
resource records? It'd be like that:
res guest-name-2 root mem "?" "1048576" Wed Jan 11
15:23
- 15:24 (00:01)
start guest-name-2 root Wed Jan 11 15:23 - 15:24 (00:01)
Or like that:
res guest-name-2 root mem "?" "1048576" Wed Jan 11
15:23
- 15:24 (00:01)
start guest-name-2 root Wed Jan 11 15:23
- 15:24 (00:01)
Like the second one so that like fields line up verically. I'd try to make things
line up vertically as much as possible even if there is blank space. (We might
think of something later to add like perhaps the host machine name.)
-Steve
On 01/13/2012 05:23 PM, Steve Grubb wrote:
> Hello,
>
> On Friday, January 13, 2012 12:25:05 PM Marcelo Cerri wrote:
>> These are some output examples of auvirt. What do you think?
>
> I think you are on the right track.
>
>> I just added a "--full" option because libvirt can generate several
>> resource events and this can make the output confusing.
>
> Hmm. Why not call it --resource if its a resource specific report? Full
> to me implies everything for all guests.
>
>> $ ./auvirt
>> start guest-name-1 root Tue Jan 10 11:05
>> stop guest-name-1 root Tue Jan 10 11:39
>> start guest-name-2 root Wed Jan 11 15:23
>> start guest-name-2 root Wed Jan 11 16:28
>> start guest-name-1 root Wed Jan 12 19:47
>
> Why not collapse these into 1 line like last that shows a duration?
>
> start guest-name-1 root Tue Jan 10 11:05 - 11:39 (00:34)
>
> Do you have any samples for when a guest is paused and restarted? I would
> also collapse those into a line showing the duration of the pause.
>
> pause guest-name-1 root Tue Jan 10 11:15 - 11:30 (00:15)
>
>> $ ./auvirt --show-uuid
>> start guest-name-1 fb4149f5-9ff6-4095-f6d3-a1d03936fdfa root Tue Jan
>> 10 11:05
>> stop guest-name-1 fb4149f5-9ff6-4095-f6d3-a1d03936fdfa root Tue Jan
>> 10 11:39
>> start guest-name-2 f937029b-93ca-4e13-b40b-663f46323503 root Wed Jan
>> 11 15:23
>> start guest-name-2 f937029b-93ca-4e13-b40b-663f46323503 root Wed Jan
>> 11 16:28
>> start guest-name-1 fb4149f5-9ff6-4095-f6d3-a1d03936fdfa root Wed Jan
>> 12 19:47
>>
>> $ ./auvirt --summary # keep the same behaviour
>>
>> $ ./auvirt --uuid fb4149f5-9ff6-4095-f6d3-a1d03936fdfa
>> start guest-name-1 root Tue Jan 10 11:05
>> stop guest-name-1 root Tue Jan 10 11:39
>> start guest-name-1 root Wed Jan 12 19:47
>>
>> $ ./auvirt --vm-name guest-name-2
>> start guest-name-2 root Wed Jan 11 15:23
>> start guest-name-2 root Wed Jan 11 16:28
>
> Maybe it will be easier on admin's fingers to just call the above option
> --vm? I like shorter names if they make sense and are unambiguous.
>
>> $ ./auvirt --full --uuid f937029b-93ca-4e13-b40b-663f46323503
>> res guest-name-2 root Wed Jan 11 15:23 disk "?"
>> "/images/guest-2.img"
>> res guest-name-2 root Wed Jan 11 15:23 vcpu "0"
"4"
>> res guest-name-2 root Wed Jan 11 15:23 net "?"
>> "52:54:00:DB:AE:B4"
>> res guest-name-2 root Wed Jan 11 15:23 mem "?"
>> "1048576" start guest-name-2 root Wed Jan 11 15:23
>> avc guest-name-2 root Wed Jan 11 19:49 read
>> "/images/guest-2.img" denied
>> res guest-name-2 root Wed Jan 11 15:23 mem "1048576"
>> "2097152"
>> stop guest-name-2 root Wed Jan 11 16:28
>
> I would separate avcs and anomalies into a security report. Then for the
> resource section, I would rearrange the fields so the time is at the end
> and then show the duration so you collapse 2 lines (assignment and
> disposal) into 1 line.
>
> For things that are disposed of at shutdown, you can just put "down" like
> last does when users are logged out by the system shutdown.
>
> Overall, I think this is heading in the right direction.
>
> Thanks,
>
> -Steve