ACCESS EVENT COLLECTION
First Claim
1. A method of monitoring data accesses in a computer system, comprising the steps of:
concurrently executing a monitor program and a kernel program, said kernel program servicing requests for data accesses in a file system, said file system comprising index nodes that respectively index descriptors of computer files;
detecting in said kernel program a request for access to one of said computer files, said request comprising a full path name of said one of said computer files;
using said monitor program, obtaining said full path name;
using said kernel program, processing said request by determining an identifier of one of said index nodes that corresponds to said one of said computer files and executing said request using said identifier;
while performing said step of processing said request, obtaining said identifier using said monitor program;
using said monitor program memorizing said full path name and said identifier as an entry in a log file; and
accessing said log file for analysis of said requests for data access.
Abstract
On-line and computationally efficient methods and systems are provided for back resolving path names of files from inode numbers during data access request processing. As a result, a near real-time recording of data access events is achieved, including identification of the user who performed the access, and the full path name of the data object that was accessed. In a typical application, access events are collected for use in access control of storage elements in complex organizational file systems.
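An added illustration of the log described in the abstract and in claim 1 (not code from the patent): a user-space Python model that memorizes each full path name with its inode identifier at open time and later back-resolves an inode to the path names logged for it. The names `AccessLog`, `record_open` and `back_resolve` are hypothetical, `os.stat` stands in for the kernel-side lookup, and the key includes the device number because inode numbers are unique only within one file system.

```python
import os
import tempfile
import time
from collections import defaultdict


class AccessLog:
    """Hypothetical stand-in for the monitor's log file."""

    def __init__(self):
        self.entries = []               # append-only: (ts, uid, path, dev, ino)
        self.index = defaultdict(list)  # (dev, ino) -> path names, oldest first

    def record_open(self, path, uid):
        """Memorize the full path name together with the inode identifier."""
        full = os.path.realpath(path)   # resolves symlinks, not hard links
        st = os.stat(full)
        key = (st.st_dev, st.st_ino)
        self.entries.append((time.time(), uid, full, *key))
        if full not in self.index[key]:
            self.index[key].append(full)
        return key

    def back_resolve(self, dev, ino):
        """Return every path name logged for this inode; hard links give several."""
        return list(self.index.get((dev, ino), []))


def demo():
    """Constructed scenario: one file reached through two hard-linked names."""
    log = AccessLog()
    with tempfile.TemporaryDirectory() as d:
        a = os.path.join(d, "report.txt")
        b = os.path.join(d, "alias.txt")
        open(a, "w").close()
        os.link(a, b)                                # second name, same inode
        k1 = log.record_open(a, uid=1000)
        k2 = log.record_open(b, uid=1001)
        names = [os.path.basename(p) for p in log.back_resolve(*k1)]
        never_logged = log.back_resolve(k1[0], 0)    # inode 0 was never recorded
        return k1 == k2, names, never_logged, len(log.entries)


if __name__ == "__main__":
    print(demo())
```

An analyst reading such a log has to treat a single inode as possibly mapping to several path names, and an inode with no entry as an access that was never observed at open time.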
18 Claims
7. A computer software product for monitoring file system data accesses, including a computer storage medium in which computer program instructions are stored, which instructions, when executed by a computer, cause the computer to concurrently execute a monitor program and a kernel program, said kernel program servicing requests for data accesses in a file system, said file system comprising index nodes that respectively index descriptors of computer files, detect in said kernel program a request for access to one of said computer files, said request comprising a full path name of said one of said computer files, using said monitor program, obtain said full path name, using said kernel program, process said request by determining an identifier of one of said index nodes that corresponds to said one of said computer files and executing said request using said identifier, and said instructions further cause said computer to obtain said identifier with said monitor program while processing said request, memorize said full path name and said identifier as an entry in a log file, and access said log file for analysis of said requests for data access.
13. A data processing system for monitoring file system data accesses, comprising:
a processor; and a memory accessible to said processor that stores a monitor program and a kernel program, said processor operative to concurrently execute said monitor program and said kernel program, said kernel program servicing requests for data accesses in a file system, said file system comprising index nodes that respectively index descriptors of computer files, said processor is operative to detect in said kernel program a request for access to one of said computer files, said request comprising a full path name of said one of said computer files, using said monitor program, obtain said full path name, using said kernel program, process said request by determining an identifier of one of said index nodes that corresponds to said one of said computer files and executing said request using said identifier, and said processor is operative to obtain said identifier with said monitor program while processing said request, memorize said full path name and said identifier as an entry in a log file, and access said log file for analysis of said requests for data access.
Specification