[OpenAFS-devel] enhance audit logs to support Sys V message queues

Steven Jenkins steven.jenkins@gmail.com
Wed, 22 Apr 2009 21:15:29 -0400 

On Wed, Apr 22, 2009 at 8:48 PM, Jason Edgecombe
<jason@rampaginggeek.com> wrote:
> Steven Jenkins wrote:
>>
>> I just uploaded a preliminary patch to openafs-bugs (RT #124674) that
>> adds support to audit logs for Sys V message queues. =A0In other words,
>> if you run this patch, instead of audit logs going to a file, they can
>> go to Sys V message queues. =A0There is an additional option to
>> configure if you want to experiment with this: --with-audit-interface,
>> with two options: file and sysvmq, defaulting to file.
>>
>> As the sysvmq interface has two constraints =A0- it can drop log
>> messages if full and it has a limited message length - =A0there is an
>> audit_PrintStats() function which calls the relevant function in the
>> audit interface module (the file interface doesn't need it as it
>> doesn't have
>> these constraints... it could log how many times it blocked in 'audit'
>> though). An invocation of this function to the XCPU signal
>> handler is added as well, so now we can see if there are any audit
>> messages lost or truncated.
>>
>> Note that this patch has not been tested (or applied) against 1.4.10
>> or 1.5.x, so there may be some integration issues. =A0If people think
>> this patch is useful, we can clean it up and integrate it.
>>
>
> Should this be added as a command-line parameter instead of a compile
> parameter?
>
> I say this because you can switch from log files to syslog using a
> command-line option. Can we run two or three logging options simultaneous=
ly?
>

There is only support for one of message queues, log files, and syslog
at a time.

I think you have a valid point, though, about it being a run-time vs
build-time option, and I can refactor the patch unless there are
objections to doing so.

> I'm not familiar with sysV message queues.
>
> Could you give a couple of usage cases?
>

On a linux system, you could consult the 'svipc' man page for
additional information.  Alternatively, you could look at a good
reference on Unix (e.g., Richard Steven's Advanced Programming in the
Unix Environment).

Some areas where a queue is more useful than a file:

- a message queue can have a maximum size, so you can be guaranteed
that an errant process won't fill up your disks
- message queues have a producer/consumer model, so your analyzer
consumes messages -- that could be considered either a positive (e.g.,
more resource-friendly, easier to keep track of which messages have
been processed, etc) or a negative (what if the consumer process dies?
 with a logfile, you can just restart the consumer; with message
queues, once the messages are consumed, they are gone)

--=20
Steven Jenkins
End Point Corporation
http://www.endpoint.com/