Re: Using audit for service monitoring...
On Thursday 28 September 2006 16:29, Randy Zagar wrote:
More importantly, is this an appropriate use of the audit subsystem,
or
should I be doing this some other way?
Generally, the audit system is used for logging security relevant artifacts.
But its been used for bootup readahead analysis, too. So, you could use it
for this, but you might get more data than you want. Try it and see.
If this is the right way to do it, how can I easily determine which
syscalls can return ESTALE? Using '-S all' seems wasteful...
Maybe you can try "auditctl -a exit,always -F perm=all -F exit=-13"
perm selects filesystem classes of syscalls.
-Steve