LinuxQuestions.org - logging system calls & services

- Linux - Kernel (https://www.linuxquestions.org/questions/linux-kernel-70/)

- - logging system calls & services (https://www.linuxquestions.org/questions/linux-kernel-70/logging-system-calls-and-services-914116/)

8613133

11-17-2011 04:08 PM

logging system calls & services

i want to log all the system calls & services in the kernel(services are the transanction between modules in the kernel),with which tool i can do it?

kbscores

11-18-2011 08:53 AM

We use audit. (auditd)

It comes with a nice set of utilities for looking at failed system calls and system summaries etc...

(aureport, ausearch, etc...)

8613133

11-18-2011 10:11 AM

are you sure that audit can log the services in the kernel?

kbscores

11-18-2011 10:28 AM

Which distribiution are you using?

kbscores

11-18-2011 10:36 AM

When using auditd w/utility this command will bring up a list of all system calls being made

Code:

aureport --start today --syscall

If you want to see failed system calls

Code:

aureport --start today --syscall --failed

If you want to see events

Code:

aureport --start today --event

And a handful of other things --

To list services/modules loaded in kernel just do:

Code:

lsmod

8613133

11-18-2011 03:30 PM

sorry,i want to know audit can log transanctions between modules in the kernel(which called services),can it log services(in addition to modules in the kernel)?

8613133

11-19-2011 01:02 AM

i want to know exactly , can audit make log of all the services (which are )between modules in the subsysytem of kernel(for example in the disk part of kernel)?thanks

unSpawn

11-19-2011 04:09 AM

...maybe he's looking for Kprobes [0|1|2|3|4]?

zanier

11-19-2011 02:03 PM

so you mean kprob log both system calls and services?

unSpawn

11-19-2011 02:35 PM

I mean you should read the documentation behind those links and see if you can reach a conclusion yourself or not.

8613133

11-30-2011 06:48 AM

lttng installation

hi, when i was installing the binary package of lttng,in installation process when i wrote"
sudo apt-get install lttng" in command line i found a error which was:
Reading package lists... Done
Building dependency tree
Reading state information... Done
You might want to run 'apt-get -f install' to correct these:
The following packages have unmet dependencies:
lttng : Depends: linux-image-2.6.35-24-lttng but it is not going to
be installed
Depends: linux-headers-2.6.35-24-lttng but it is not going to
be installed
Depends: ltt-bin but it is not going to be installed
perl : Depends: perl-base (= 5.12.4-6) but 5.10.1-12ubuntu2 is to be installed
Depends: libdb5.1 but it is not installable
E: Unmet dependencies. Try 'apt-get -f install' with no packages (or
specify a solution).
what should i do?please help me.

All times are GMT -5. The time now is 12:38 AM.