Which virtual machine to use to log system calls by privileged processes
I am working on some project in which I need to log the system calls of certain processes running on the system. It is going to be on an older version of RedHat like 7.3 on Pentium IV (a network of 3 or 4 machines). Now my question is: can I use the virtual machine concept here and get it all done on a single machine? The major point of concern is to be able to log all the system calls (the order and the parameters are important here), and the most interesting ones would be privileged processes running with high privileges.
I have read some introduction and about the features of some of the emulators like Bochs, plex86, User Mode Kernel and VMware, but I am still confused among them, as some of them say that they don't run privileged processes, some are useful if you want to emulate different operating systems and platforms, and then there are performance issues as well. Performance is not the major issue for me. I'll probably run the emulation on Fedora on a PC, so it's not a matter of supporting multiple OSes or platforms. I only want to log "all" the system calls that a process is invoking along with the parameters, for which I might use Snare (the auditing tool; the kernel needs to be patched for this), and make the nodes communicate with each other. Can anybody suggest which one will be most suitable for the kind of work I am doing?
Cheers,
N.