Using audit for service monitoring...
Randy Zagar
zagar at arlut.utexas.edu
Thu Sep 28 20:29:16 UTC 2006
If I wanted to use the audit subsystem to log something like stale NFS
handles, would this work?
# ESTALE == -13
auditctl -a exit,always -S all -F exit=-13
More importantly, is this an appropriate use of the audit subsystem, or
should I be doing this some other way?
If this is the right way to do it, how can I easily determine which
syscalls can return ESTALE? Using '-S all' seems wasteful...
Suggestions always welcome,
-RZ
--
Randy Zagar Sr. Unix Systems Administrator
E-mail: zagar at arlut.utexas.edu Applied Research Laboratories
Phone: 512 835-3131 Univ. of Texas at Austin
More information about the Linux-audit
mailing list