| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 16 Jan 2010 00:15:22 +1100 From: Dave Chinner <david@...morbit.com> To: Mike Mestnik <cheako911@...il.com> Cc: Andreas Dilger <adilger@....com>, Al Viro <viro@...iv.linux.org.uk>, Toshiyuki Okajima <toshi.okajima@...fujitsu.com>, Theodore Ts'o <tytso@....edu>, linux-fsdevel@...r.kernel.org, linux-ext4@...r.kernel.org, "James C. Browne" <browne@...utexas.edu> Subject: Re: [REPOST][PATCH][RFC] vfs: add message print mechanism for the mount/umount into the VFS layer On Fri, Jan 15, 2010 at 05:44:01AM -0600, Mike Mestnik wrote: > On Fri, Jan 15, 2010 at 5:02 AM, Dave Chinner <david@...morbit.com> wrote: > > On Thu, Jan 14, 2010 at 11:36:25PM -0500, Andreas Dilger wrote: > >> On 2010-01-14, at 20:24, Dave Chinner wrote: > >>> On Thu, Jan 14, 2010 at 10:33:42AM -0500, Andreas Dilger wrote: > >>>> Sure, it is _possible_ to do this, but you miss the fact that there > >>>> are > >>>> many system monitoring tools that already scrape /var/log/messages > >>>> and > >>>> integrate with event managers. What you are suggesting is that every > >>>> such tool implement an extra, completely ad-hoc mechanism just for > >>>> monitoring the mount/unmount of filesystems on Linux. That doesn't > >>>> make > >>>> sense. > >>> > >>> We already report various events through a netlink interface, but not > >>> to the log files (e.g. quota warnings), so those system monitoring > >>> tools are already going to be missing interesting information. > >>> > >>> Using log files for system event notification used to be the only > >>> way to communicate such events. Now we have much more advanced and > >>> efficient mechanisms for notifications so I think we should use > >>> them. > > .... > >> However, there are many reasons why it still makes sense to do this: > >> - it is in plain text format. I can't recall the number of times > >> people were proposing crazy schemes to have a text interface to the > >> kernel (via /sys/blah, or /debugfs/blah) for things that are much > >> better suited to an ioctl, since they are largely handled by binaries > >> (applications), yet in the case where we have an existing plain-text > >> interface (dmesg and /var/log/messages) that are meant (at least > >> partly) for human consumption we are proposing a binary interface > >> - every system monitoring tool in existence has a /var/log/messages > >> scraping interface, because this is the lowest common denominator, > >> but I'd suspect that few/none have a netlink interface, or if they > >> do it probably can't be easily added to by a user > > > > A daemon that captures the events from netlink and writes them to > > syslog is all that is needed to support log file scraping > > monitoring tools. The message they scrape does not have to come from > > the kernel... > > > klogd. Do we need another wheel? That's just another syslog implementation for directing printk messages to files. It's not an event notification framework. Cheers, Dave. -- Dave Chinner david@...morbit.com -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists