
Re: [PATCH] auvirt: a new tool for reporting events related to virtual machines



On Tuesday, January 24, 2012 01:08:56 PM Marcelo Cerri wrote:
> I took a look at some anomaly events and I'm thinking of correlating them
> to guests based on the SELinux context or maybe based on the pid field.
>
> Do you think there are other ways to correlate them?

I was thinking of correlating them based on the time and pid. If it's within the
time range between startup/shutdown and it's the same pid, then you have the
event correlated. If it's outside the time range or a different pid, then you do
not have correlation. I would not look at the SELinux label because not all
systems/distros have it enabled or compiled in. So, pid and time are the most
universal identifiers for correlation.

-Steve
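
The pid-and-time-range rule from the reply above, as an added Python sketch; it is not part of the original message and is not auvirt's code. The log lines are constructed and simplified, and the assumed layout (guest start/stop as `VIRT_CONTROL` records carrying `vm=` and `vm-pid=`, anomalies as `ANOM_*` records carrying `pid=`) plus the `parse` and `correlate` helper names are illustrative.

```python
import re

# Constructed, simplified audit-style records (not real logs). Assumed layout:
# guest start/stop as VIRT_CONTROL with vm= and vm-pid=, anomalies with pid=.
SAMPLE_LOG = """\
type=VIRT_CONTROL msg=audit(1000.000:1): op=start vm="guest-a" vm-pid=4100
type=ANOM_ABEND msg=audit(1050.000:2): pid=4100 comm="qemu-kvm" sig=11
type=VIRT_CONTROL msg=audit(1100.000:3): op=stop vm="guest-a"
type=ANOM_ABEND msg=audit(1150.000:4): pid=4100 comm="other" sig=6
type=VIRT_CONTROL msg=audit(1200.000:5): op=start vm="guest-b" vm-pid=4100
type=ANOM_ABEND msg=audit(1250.000:6): pid=4100 comm="qemu-kvm" sig=11
type=ANOM_ABEND msg=audit(1260.000:7): pid=9999 comm="qemu-kvm" sig=11
"""

HEADER = re.compile(r'type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):')
FIELD = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse(line):
    """Split one record into type, timestamp, serial and key=value fields."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
    rec.update(type=m.group(1), time=float(m.group(2)), serial=int(m.group(3)))
    return rec

def correlate(log_text):
    """Return {anomaly serial: guest name or None} using pid + time range."""
    recs = sorted(filter(None, map(parse, log_text.splitlines())),
                  key=lambda r: (r["time"], r["serial"]))
    sessions = []  # one entry per guest run: vm, pid, start, end
    for r in (r for r in recs if r["type"] == "VIRT_CONTROL"):
        if r.get("op") == "start":
            sessions.append({"vm": r["vm"], "pid": r["vm-pid"],
                             "start": r["time"], "end": float("inf")})
        elif r.get("op") == "stop":
            # Close the most recent still-open run of this guest.
            for s in reversed(sessions):
                if s["vm"] == r["vm"] and s["end"] == float("inf"):
                    s["end"] = r["time"]
                    break
    result = {}
    for r in (r for r in recs if r["type"].startswith("ANOM_")):
        # Same pid AND inside the start/stop range; a reused pid outside it fails.
        hit = [s["vm"] for s in sessions
               if s["pid"] == r["pid"] and s["start"] <= r["time"] <= s["end"]]
        result[r["serial"]] = hit[0] if hit else None
    return result

if __name__ == "__main__":
    print(correlate(SAMPLE_LOG))
```

Record 4 shows why pid alone is not enough: the pid matches a past guest but falls between two runs, so it stays uncorrelated, while record 6 matches a guest that has no shutdown event yet.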

