[Wolves] Monitoring everything
Aquarius
aquarius-lists at kryogenix.org
Sat Apr 10 11:32:51 BST 2004
Aquarius spoo'd forth:
> Peter Oliver spoo'd forth:
>> Aq wanted to know how he could get notified of every filesystem
>> notification on a system, and I suggested FAM. However, from the fam(3X)
>> manual:
>>
>> BUGS
>> Each process is limited to 1000 active requests at a time.
>>
>> That's not even enough to monitor a single user's home directory. That
>> leaves you using the kernel hooks directly, and you can't do NFS
>> filesystems.
>
> I think it is enough, because FAM can monitor directories
OK, I've changed my mind on this. FAM isn't enough, if it can only
monitor 1000 requests (the limit on select(), I think). Looking into
it, there are only a few ways to do this: dnotify, syscall wrapping,
and polling. The kernel does dnotify for you, but it will only
allow monitoring of directories -- if you want to monitor files then
you have to subscribe to per-directory notifications and then monitor
the files yourself. Wrapping the syscalls is the technique used by
things like changedfiles and dazuko, but it requires a kernel module,
which means it has to be compiled against your kernel source, blah
blah blah. And reports of it say it's bleedin' slow.
I am not convinced that "monitor all files in this directory tree
for changes" is yet easily achieveable, at least under Linux.
Aq.
--
Franklin discovered electricity by rubbing
two cats backwards and declared, "A horse divided against itself cannot
stand."
-- an exam answer about Benjamin Franklin
More information about the Wolves
mailing list