Observing what is going on inside a system is interesting for a number of reasons, and this chapter introduced you to one particular solution provided by the kernel for this purpose: auditing, a low-overhead mechanism that can be employed on stable production systems to obtain a comprehensive set of information without impacting system performance too much. After introducing audit rules, which allow you to specify which information is of interest, the chapter discussed how the kernel gathers the corresponding data and forwards it to userland.

