File: Useful_Scripts-inodewatch2.xml

package info (click to toggle)
systemtap 5.3-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 47,556 kB
  • sloc: cpp: 81,117; ansic: 54,933; xml: 49,795; exp: 43,595; sh: 11,526; python: 5,003; perl: 2,252; tcl: 1,312; makefile: 1,006; javascript: 149; lisp: 105; awk: 101; asm: 91; java: 70; sed: 16
file content (82 lines) | stat: -rw-r--r-- 3,020 bytes parent folder | download | duplicates (9) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 
<?xml version='1.0'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
]>


	<section id="inodewatch2sect">
		<title>Monitoring Changes to File Attributes</title>

<indexterm>
<primary>script examples</primary>
<secondary>monitoring changes to file attributes</secondary>
</indexterm>

<indexterm>
<primary>examples of SystemTap scripts</primary>
<secondary>monitoring changes to file attributes</secondary>
</indexterm>

<indexterm>
<primary>monitoring changes to file attributes</primary>
<secondary>examples of SystemTap scripts</secondary>
</indexterm>

<indexterm>
	<primary>changes to file attributes, monitoring</primary>
	<secondary>examples of SystemTap scripts</secondary>
</indexterm>

<indexterm>
	<primary>file attributes, monitoring changes to</primary>
	<secondary>examples of SystemTap scripts</secondary>
</indexterm>


<remark>
	WAR STORY: monitoring more inode activity http://sourceware.org/systemtap/wiki/WSFileMonitor2?highlight=((WarStories))
</remark>

<remark>
no script in examples
</remark>


	<para>This section describes how to monitor if any processes are changing the attributes of a targeted file, in real time. </para>

<formalpara id="inodewatch2">
	<title>inodewatch2.stp</title>
<para>
<programlisting><xi:include parse="text" href="../testsuite/systemtap.examples/io/inodewatch2.stp" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
</para>
</formalpara>

<para>Like <xref linkend="inodewatch"/> from <xref linkend="inodewatchsect"/>, <xref linkend="inodewatch2"/> takes the targeted file's device number (in integer format) and <command>inode</command> number as arguments. For more information on how to retrieve this information, refer to <xref linkend="inodewatchsect"/>.</para>

<para>The output for <xref linkend="inodewatch2"/> is similar to that of <xref linkend="inodewatch"/>, except that <xref linkend="inodewatch2"/> also contains the attribute changes to the monitored file, as well as the ID of the user responsible (<command>uid()</command>). <xref linkend="inodewatch2output"/> shows the output of <xref linkend="inodewatch2"/> while monitoring <filename>/home/joe/bigfile</filename> when user <computeroutput>joe</computeroutput> executes <command>chmod 777 /home/joe/bigfile</command> and <command>chmod 666 /home/joe/bigfile</command>.</para>



<example id="inodewatch2output">
	<title><xref linkend="inodewatch2"/> Sample Output</title>
<screen>chmod(17448) inode_setattr 0x800005/6011835 100777 500
chmod(17449) inode_setattr 0x800005/6011835 100666 500</screen>
</example>
<!--
global ATTR_MODE = 1

probe kernel.function("inode_setattr") {
  dev_nr = $inode->i_sb->s_dev
  inode_nr = $inode->i_ino

  if (dev_nr == ($1 &lt;&lt; 20 | $2) # major/minor device
  &amp;&amp; inode_nr == $3
  &amp;&amp; $attr->ia_valid &amp; ATTR_MODE)
	printf ("%s(%d) %s 0x%x/%u %o %d\n",
	execname(), pid(), probefunc(), dev_nr, inode_nr, $attr->ia_mode, uid())
	}


      -->

	</section>